CVE-2014-2120

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 25, 2014
Published Date: March 19, 2014
Last Updated: November 13, 2024
Vendor: n/a
Product: n/a
Description: Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

4.3 -

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2024-11-12 00:00:00 UTC) Source

References

http://www.securitytracker.com/id/1029935 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 http://www.securityfocus.com/bid/66290

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-11-12 00:00:00 UTC