Cisco ASA Software Vulnerability Could Allow XSS Attacks
CVE-2021-1444

6.1 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A security flaw in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could enable a remote attacker to perform cross-site scripting (XSS) attacks against an unwary user. This vulnerability arises from the inadequate validation of user-supplied input by the web services interface on affected devices. An attacker may exploit this weakness by enticing a user into clicking a specially crafted link. If executed successfully, the attacker could run arbitrary script code within the context of the affected interface or gain access to sensitive, browser-based information. Cisco has issued software updates aimed at rectifying this issue, and no effective workarounds are currently available. Further details can be found in the associated security advisory.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software 9.4.2.6

Cisco Adaptive Security Appliance (ASA) Software 9.0.1.1

Cisco Adaptive Security Appliance (ASA) Software 9.0.1.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
