CVE-2014-2120

CVSS 5.4 MEDIUM · EPSS 14.0% · KEV · CWE-79
Vexday Risk Score
48 Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.4 · EPSS 14.0% · KEV yes · PoC Nuclei Metasploit · Patch referenced
Lifecycle
19 Mar 2014: Published on NVD
12 Nov 2024: Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A vulnerability in Cisco ASA's WebVPN login page allows attackers to inject malicious scripts or HTML code. This could let attackers steal login credentials or redirect users to fake pages.

Technical detail

A reflected XSS vulnerability in the Cisco ASA WebVPN login interface, triggered via unsanitized parameter input. A remote, unauthenticated attacker can inject arbitrary JavaScript/HTML; exploitation requires user interaction (clicking a malicious link). Impact includes credential theft and session hijacking.

Summary generated and translated by AI from the official description.
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a
