Lucene search

[email protected]CVE-2019-1701

HistoryMay 03, 2019 - 4:29 p.m.

CVE-2019-1701

2019-05-0316:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cisco

asa

ftd

software

vulnerabilities

webvpn

cross-site scripting

xss

attack

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_softwareRange<9.4.4.34

ciscoadaptive_security_appliance_softwareRange9.5–9.6.4.25

ciscoadaptive_security_appliance_softwareRange9.7–9.8.4

ciscoadaptive_security_appliance_softwareRange9.9–9.9.2.50

ciscoadaptive_security_appliance_softwareRange9.10–9.10.1.17

AND

ciscoasa_5505Match-

ciscoasa_5510Match-

ciscoasa_5512-xMatch-

ciscoasa_5515-xMatch-

ciscoasa_5520Match-

ciscoasa_5525-xMatch-

ciscoasa_5540Match-

ciscoasa_5545-xMatch-

ciscoasa_5550Match-

ciscoasa_5555-xMatch-

ciscoasa_5580Match-

ciscoasa_5585-xMatch-

Node

ciscofirepower_threat_defenseRange6.2.1–6.2.3.12

ciscofirepower_threat_defenseRange6.3.0–6.3.0.3

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.4.4.34
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.6.4.25
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.8.4
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.9.2.50
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.10.1.17

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.4.4.34
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.6.4.25
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.8.4
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.9.2.50
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.10.1.17

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "9.4.4.34",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.6.4.25",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.9.2.50",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.10.1.17",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Cisco Firepower Threat Defense (FTD) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2.3.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.3.0.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108152

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVE-2019-1701

cisco1 prion1 cvelist1 nvd1