Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability

2020-10-2116:00:00

tools.cisco.com

cisco

adaptive security appliance

cross-site scripting

vulnerability

web-based management interface

update

remote attacker

exploit

software updates

ssl/tls

dos

advisory

EPSS

0.002

Percentile

51.5%

JSON

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software [“#fs”] section of this advisory. See the Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy”] for additional information.

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-rxss-L54Htxp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-rxss-L54Htxp”]

Affected configurations

Vulners

Node

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12

ciscofirepower_2100_firmwareMatchany

ciscofirepower_4100_next-generation_firewall_firmwareMatchany

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.24

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.7

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12.2.4

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscoadaptive_security_appliance_softwareMatch4100_series

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscoadaptive_security_appliance_softwareMatch4100_series

VendorProductVersionCPE
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.12cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:*:*:*:*:*:*:*
ciscofirepower_2100_firmwareanycpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:*
ciscofirepower_4100_next-generation_firewall_firmwareanycpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8.2.24cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.2.24:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8.4.7cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.4.7:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.12.2.4cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12.2.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software2100_seriescpe:2.3:o:cisco:adaptive_security_appliance_software:2100_series:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software4100_seriescpe:2.3:o:cisco:adaptive_security_appliance_software:4100_series:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.12	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:::::::*
cisco	firepower_2100_firmware	any	cpe:2.3:o:cisco:firepower_2100_firmware:any:::::::*
cisco	firepower_4100_next-generation_firewall_firmware	any	cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8.2.24	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.2.24:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8.4.7	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.4.7:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.12.2.4	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12.2.4:::::::*
cisco	adaptive_security_appliance_software	2100_series	cpe:2.3:o:cisco:adaptive_security_appliance_software:2100_series:::::::*
cisco	adaptive_security_appliance_software	4100_series	cpe:2.3:o:cisco:adaptive_security_appliance_software:4100_series:::::::*