Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability
The vulnerability was first identified in 2014...
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that...
Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
VulnCheck KEV: CVE-2014-2120
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
CVE-2024-20341 Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected...
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software...
The vulnerability in the WebVPN management web interface of the microprogramming software for Cisco Adaptive Security Appliances (ASA) allows an attacker to execute XSS attacks.
The vulnerability in the WebVPN management web interface of the microprogramming software for Cisco Adaptive Security Appliances exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
SSRF Vulnerability in WebVPN Resource Access Control System of Beijing Netrexport Technology Co.
WebVPN Resource Access Control System is a tool that provides users with easy client-free access to resources. Ltd. WebVPN Resource Access Control System suffers from SSRF vulnerability, which can be exploited by attackers to probe intranet information and obtain sensitive information...
Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility
This module scans for Cisco ASA Clientless SSL VPN WebVPN web login portals and performs login brute-force to identify valid credentials. Module Options msf use auxiliary/scanner/http/ciscoasaclientlessvpn msf auxiliaryciscoasaclientlessvpn show actions ...actions... msf...
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices...
Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling (cisco-sa-asa-webvpn-LOeKsNmO)
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN...
Cisco Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability (cisco-sa-asaftd-rule-bypass-P73ABNWQ)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. This vulnerability could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The...
Cisco Adaptive Security Appliance Software WebVPN Portal Access Rule Bypass (cisco-sa-asaftd-rule-bypass-P73ABNWQ)
According to its self-reported version, Cisco Adaptive Security Appliance Software is affected by a vulnerability. This vulnerability could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The...
U.S. Dept Of Defense: CVE-2020-3452 on https://█████/
Hello team, I hope you're doing well, healthy & wealthy. I found a CVE-2020-3452 path traversal and here is the explanation. A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [██████]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███.mil]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an...
Cisco Adaptive Security Appliance Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software is affected by a CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to...
Cisco Firepower Threat Defense Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN (WebVPN) of Cisco Firepower Threat Defense (FTD) Software is affected by a CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to cli...