Back to KEVs

CVE-2014-2120

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 25, 2014
Published Date
March 19, 2014
Last Updated
November 13, 2024
Vendor
Cisco
Product
Cisco Adaptive Security Appliance (ASA)
Description
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
Tags
cisa edge

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2024-11-12 00:00:00 UTC) Source

References

http://www.securitytracker.com/id/1029935 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 http://www.securityfocus.com/bid/66290

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-11-12 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel