CVE-2009-1201

2009-06-2517:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN[‘process’] to the name of a crafted function, aka Bug ID CSCsy80694.

Affected configurations

Nvd

Node

ciscoadaptive_security_applianceMatch8.0\(4\)

ciscoadaptive_security_applianceMatch8.1.2

ciscoadaptive_security_applianceMatch8.2.1

AND

ciscoadaptive_security_appliance

VendorProductVersionCPE
ciscoadaptive_security_appliance8.0(4)cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance8.1.2cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance8.2.1cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance*cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance	8.0(4)	cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):::::::*
cisco	adaptive_security_appliance	8.1.2	cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:::::::*
cisco	adaptive_security_appliance	8.2.1	cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:::::::*
cisco	adaptive_security_appliance	*	cpe:2.3:h:cisco:adaptive_security_appliance::::::::