ID de Prueba:	1.3.6.1.4.1.25623.1.0.806687
Categoría:	CISCO
Título:	Cisco ASA WebVPN Login Page XSS Vulnerability (cisco-sa-CVE-2014-2120, CSCun19025) - Active Check
Resumen:	Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a; cross-site scripting (XSS) vulnerability.
Descripción:	Summary: Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error in password recovery form which fails to filter properly the hidden inputs. NOTE: The vulnerability was verified on Internet Explorer 6.0 (more modern browsers are unaffected). Vulnerability Impact: Successful exploitation allows the attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Cisco ASA Software versions 8.4(7) and prior and 9.1(4) and prior are vulnerable. Solution: Updates are available, please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2120 BugTraq ID: 66290 http://www.securityfocus.com/bid/66290 Cisco Security Advisory: 20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 http://www.securitytracker.com/id/1029935
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.