Cisco Bug: CSCun19025 - ASA WebVPN login page XSS vulnerability

Last Modified

Apr 16, 2020

Products (1)

Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(7) 9.1(4)

Description (partial)

Symptom:
A cross-site scripting vulnerability is present in the Cisco ASA WebVPN login page (/+CSCOE+/logon.html).

Conditions:
This was observed on ASA version 8.4(7) and 9.1(4). Versions prior to this fix are most likely affected by
this issue.

Related Community Discussions

Cisco ASA5510 + XSS vulnerability - BugID <key>CSCun19025</key>

Hello All -- Currently we have a allot of Cisco ASA5510 in production configured as remote access SSL VPN end points running software version 9.1.5, current latest release for this device. During our latest audit we found a vulnerability identified by CISCO as <key>CSCun19025</key>, according to the document listed below this should be resolved in version 9.1.5(3), I cant find this software version on the support portal ? The problem is resolved in 9.2.1, but this software release is unsupported on the Cisco ...

Latest activity: Nov 03, 2014

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts

Preview Tool