Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/108152 | Third Party Advisory VDB Entry |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
|
History
15 Aug 2023, 15:24
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
Information
Published : 2019-05-03 16:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-1701
Mitre link : CVE-2019-1701
CVE.ORG link : CVE-2019-1701
JSON object : View
Products Affected
cisco
- asa_5550
- asa_5555-x
- asa_5585-x
- asa_5545-x
- asa_5505
- asa_5515-x
- asa_5510
- asa_5512-x
- asa_5580
- asa_5540
- adaptive_security_appliance_software
- asa_5520
- asa_5525-x
- firepower_threat_defense
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')