Lucene search

[email protected]NVD:CVE-2014-8012

HistoryDec 18, 2014 - 4:59 p.m.

CVE-2014-8012

2014-12-1816:59:15

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch-

VendorProductVersionCPE
ciscoadaptive_security_appliance_software-cpe:2.3:o:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	-	cpe:2.3:o:cisco:adaptive_security_appliance_software:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012

www.securitytracker.com/id/1031395

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Related for NVD:CVE-2014-8012

cisco1 cvelist1 prion1 cve1