CISA KEV 정보
| 취약점명 | Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability |
|---|---|
| 설명 | Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-79 |
| 등록일 (KEV) | 2024-11-12 |
| 조치 기한 | 2024-12-03 |
| 추가 참고 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120 |
NVD 상세 정보
CVSS v3.1: 6.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCVSS v2.0: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N설명: Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
CWE: CWE-79 | CWE-79
참조
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 [Broken Link, Vendor Advisory]
- http://www.securityfocus.com/bid/66290 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1029935 [Broken Link, Third Party Advisory, VDB Entry]
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 [Broken Link, Vendor Advisory]
- http://www.securityfocus.com/bid/66290 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1029935 [Broken Link, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120
This product uses the NVD API but is not endorsed or certified by the NVD.