Test Kennung:	1.3.6.1.4.1.25623.1.0.806687
Kategorie:	CISCO
Titel:	Cisco ASA WebVPN Login Page XSS Vulnerability (cisco-sa-CVE-2014-2120, CSCun19025) - Active Check
Zusammenfassung:	Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a; cross-site scripting (XSS) vulnerability.
Beschreibung:	Summary: Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error in password recovery form which fails to filter properly the hidden inputs. NOTE: The vulnerability was verified on Internet Explorer 6.0 (more modern browsers are unaffected). Vulnerability Impact: Successful exploitation allows the attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Cisco ASA Software versions 8.4(7) and prior and 9.1(4) and prior are vulnerable. Solution: Updates are available, please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2120 BugTraq ID: 66290 http://www.securityfocus.com/bid/66290 Cisco Security Advisory: 20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 http://www.securitytracker.com/id/1029935
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.