CVE-2024-20341
Published: Oct 23, 2024Modified: Nov 1, 2024
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page.
Affected (272)
Configuration A188 vulnerable
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.12.1.2 | |
| Version 9.12.1.3 | |
| Version 9.12.1 | |
| Version 9.12.2.1 | |
| Version 9.12.2.4 | |
| Version 9.12.2.5 | |
| Version 9.12.2.9 | |
| Version 9.12.2 | |
| Version 9.12.3.12 | |
| Version 9.12.3.2 | |
| Version 9.12.3.7 | |
| Version 9.12.3.9 | |
| Version 9.12.3 | |
| Version 9.12.4.10 | |
| Version 9.12.4.13 | |
| Version 9.12.4.18 | |
| Version 9.12.4.24 | |
| Version 9.12.4.26 | |
| Version 9.12.4.29 | |
| Version 9.12.4.2 | |
| Version 9.12.4.30 | |
| Version 9.12.4.35 | |
| Version 9.12.4.37 | |
| Version 9.12.4.38 | |
| Version 9.12.4.39 | |
| Version 9.12.4.40 | |
| Version 9.12.4.41 | |
| Version 9.12.4.47 | |
| Version 9.12.4.48 | |
| Version 9.12.4.4 | |
| Version 9.12.4.50 | |
| Version 9.12.4.52 | |
| Version 9.12.4.54 | |
| Version 9.12.4.55 | |
| Version 9.12.4.56 | |
| Version 9.12.4.58 | |
| Version 9.12.4.62 | |
| Version 9.12.4.65 | |
| Version 9.12.4.7 | |
| Version 9.12.4.8 | |
| Version 9.12.4 | |
| Version 9.14.1.10 | |
| Version 9.14.1.15 | |
| Version 9.14.1.19 | |
| Version 9.14.1.30 | |
| Version 9.14.1.6 | |
| Version 9.14.1 | |
| Version 9.14.2.13 | |
| Version 9.14.2.15 | |
| Version 9.14.2.4 | |
| Version 9.14.2.8 | |
| Version 9.14.2 | |
| Version 9.14.3.11 | |
| Version 9.14.3.13 | |
| Version 9.14.3.15 | |
| Version 9.14.3.18 | |
| Version 9.14.3.1 | |
| Version 9.14.3.9 | |
| Version 9.14.3 | |
| Version 9.14.4.12 | |
| Version 9.14.4.13 | |
| Version 9.14.4.14 | |
| Version 9.14.4.15 | |
| Version 9.14.4.17 | |
| Version 9.14.4.22 | |
| Version 9.14.4.23 | |
| Version 9.14.4.24 | |
| Version 9.14.4.6 | |
| Version 9.14.4.7 | |
| Version 9.14.4 | |
| Version 9.15.1.10 | |
| Version 9.15.1.15 | |
| Version 9.15.1.16 | |
| Version 9.15.1.17 | |
| Version 9.15.1.1 | |
| Version 9.15.1.21 | |
| Version 9.15.1.7 | |
| Version 9.15.1 | |
| Version 9.16.1.28 | |
| Version 9.16.1 | |
| Version 9.16.2.11 | |
| Version 9.16.2.13 | |
| Version 9.16.2.14 | |
| Version 9.16.2.3 | |
| Version 9.16.2.7 | |
| Version 9.16.2 | |
| Version 9.16.3.14 | |
| Version 9.16.3.15 | |
| Version 9.16.3.19 | |
| Version 9.16.3.23 | |
| Version 9.16.3.3 | |
| Version 9.16.3 | |
| Version 9.16.4.14 | |
| Version 9.16.4.18 | |
| Version 9.16.4.19 | |
| Version 9.16.4.27 | |
| Version 9.16.4.38 | |
| Version 9.16.4.39 | |
| Version 9.16.4.42 | |
| Version 9.16.4.48 | |
| Version 9.16.4.9 | |
| Version 9.16.4 | |
| Version 9.17.1.10 | |
| Version 9.17.1.11 | |
| Version 9.17.1.13 | |
| Version 9.17.1.15 | |
| Version 9.17.1.20 | |
| Version 9.17.1.30 | |
| Version 9.17.1.33 | |
| Version 9.17.1.7 | |
| Version 9.17.1.9 | |
| Version 9.17.1 | |
| Version 9.18.1.3 | |
| Version 9.18.1 | |
| Version 9.18.2.5 | |
| Version 9.18.2.7 | |
| Version 9.18.2.8 | |
| Version 9.18.2 | |
| Version 9.18.3.39 | |
| Version 9.18.3.46 | |
| Version 9.18.3.53 | |
| Version 9.18.3.55 | |
| Version 9.18.3.56 | |
| Version 9.18.3 | |
| Version 9.18.4.5 | |
| Version 9.18.4.8 | |
| Version 9.18.4 | |
| Version 9.19.1.12 | |
| Version 9.19.1.18 | |
| Version 9.19.1.22 | |
| Version 9.19.1.24 | |
| Version 9.19.1.27 | |
| Version 9.19.1.5 | |
| Version 9.19.1.9 | |
| Version 9.19.1 | |
| Version 9.20.1.5 | |
| Version 9.20.1 | |
| Version 9.20.2 | |
| Version 9.8.1.5 | |
| Version 9.8.1.7 | |
| Version 9.8.1 | |
| Version 9.8.2.14 | |
| Version 9.8.2.15 | |
| Version 9.8.2.17 | |
| Version 9.8.2.20 | |
| Version 9.8.2.24 | |
| Version 9.8.2.26 | |
| Version 9.8.2.28 | |
| Version 9.8.2.33 | |
| Version 9.8.2.35 | |
| Version 9.8.2.38 | |
| Version 9.8.2.45 | |
| Version 9.8.2.8 | |
| Version 9.8.2 | |
| Version 9.8.3.11 | |
| Version 9.8.3.14 | |
| Version 9.8.3.16 | |
| Version 9.8.3.18 | |
| Version 9.8.3.21 | |
| Version 9.8.3.26 | |
| Version 9.8.3.29 | |
| Version 9.8.3.8 | |
| Version 9.8.3 | |
| Version 9.8.4.10 | |
| Version 9.8.4.12 | |
| Version 9.8.4.15 | |
| Version 9.8.4.17 | |
| Version 9.8.4.20 | |
| Version 9.8.4.22 | |
| Version 9.8.4.25 | |
| Version 9.8.4.26 | |
| Version 9.8.4.29 | |
| Version 9.8.4.32 | |
| Version 9.8.4.33 | |
| Version 9.8.4.34 | |
| Version 9.8.4.35 | |
| Version 9.8.4.39 | |
| Version 9.8.4.3 | |
| Version 9.8.4.40 | |
| Version 9.8.4.41 | |
| Version 9.8.4.43 | |
| Version 9.8.4.44 | |
| Version 9.8.4.45 | |
| Version 9.8.4.46 | |
| Version 9.8.4.48 | |
| Version 9.8.4.7 | |
| Version 9.8.4.8 | |
| Version 9.8.4 |
Configuration B84 vulnerable
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.2.3.10 | |
| Version 6.2.3.11 | |
| Version 6.2.3.12 | |
| Version 6.2.3.13 | |
| Version 6.2.3.14 | |
| Version 6.2.3.15 | |
| Version 6.2.3.16 | |
| Version 6.2.3.17 | |
| Version 6.2.3.18 | |
| Version 6.2.3.1 | |
| Version 6.2.3.2 | |
| Version 6.2.3.3 | |
| Version 6.2.3.4 | |
| Version 6.2.3.5 | |
| Version 6.2.3.6 | |
| Version 6.2.3.7 | |
| Version 6.2.3.8 | |
| Version 6.2.3.9 | |
| Version 6.2.3 | |
| Version 6.4.0.10 | |
| Version 6.4.0.11 | |
| Version 6.4.0.12 | |
| Version 6.4.0.13 | |
| Version 6.4.0.14 | |
| Version 6.4.0.15 | |
| Version 6.4.0.16 | |
| Version 6.4.0.17 | |
| Version 6.4.0.1 | |
| Version 6.4.0.2 | |
| Version 6.4.0.3 | |
| Version 6.4.0.4 | |
| Version 6.4.0.5 | |
| Version 6.4.0.6 | |
| Version 6.4.0.7 | |
| Version 6.4.0.8 | |
| Version 6.4.0.9 | |
| Version 6.4.0 | |
| Version 6.6.0.1 | |
| Version 6.6.0 | |
| Version 6.6.1 | |
| Version 6.6.3 | |
| Version 6.6.4 | |
| Version 6.6.5.1 | |
| Version 6.6.5.2 | |
| Version 6.6.5 | |
| Version 6.6.7.1 | |
| Version 6.6.7.2 | |
| Version 6.6.7 | |
| Version 6.7.0.1 | |
| Version 6.7.0.2 | |
| Version 6.7.0.3 | |
| Version 6.7.0 | |
| Version 7.0.0.1 | |
| Version 7.0.0 | |
| Version 7.0.1.1 | |
| Version 7.0.1 | |
| Version 7.0.2.1 | |
| Version 7.0.2 | |
| Version 7.0.3 | |
| Version 7.0.4 | |
| Version 7.0.5 | |
| Version 7.0.6.1 | |
| Version 7.0.6 | |
| Version 7.1.0.1 | |
| Version 7.1.0.2 | |
| Version 7.1.0.3 | |
| Version 7.1.0 | |
| Version 7.2.0.1 | |
| Version 7.2.0 | |
| Version 7.2.1 | |
| Version 7.2.2 | |
| Version 7.2.3 | |
| Version 7.2.4.1 | |
| Version 7.2.4 | |
| Version 7.2.5.1 | |
| Version 7.2.5.2 | |
| Version 7.2.5 | |
| Version 7.3.0 | |
| Version 7.3.1.1 | |
| Version 7.3.1.2 | |
| Version 7.3.1 | |
| Version 7.4.0 | |
| Version 7.4.1.1 | |
| Version 7.4.1 |
Related CWEs
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
References (4)
Source: psirt@cisco.com
Broken Link
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Broken Link
Source: psirt@cisco.com
Vendor Advisory
Timeline
No history available yet.