Guest

Preview Tool

Cisco Bug: CSCun19025 - ASA WebVPN login page XSS vulnerability

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(7) 9.1(4)

Description (partial)

Symptom:
A cross-site scripting vulnerability is present in the Cisco ASA WebVPN login page (/+CSCOE+/logon.html).

Conditions:
This was observed on ASA version 8.4(7) and 9.1(4). Versions prior to this fix are most likely affected by
this issue.

Related Community Discussions

Cisco ASA5510 + XSS vulnerability - BugID <key>CSCun19025</key>
Hello All -- Currently we have a allot of Cisco ASA5510 in production configured as remote access SSL VPN end points running software version 9.1.5, current latest release for this device. During our latest audit we found a vulnerability identified by CISCO as <key>CSCun19025</key>, according to the document listed below this should be resolved in version 9.1.5(3), I cant find this software version on the support portal ? The problem is resolved in 9.2.1, but this software release is unsupported on the Cisco ...
Latest activity: Nov 03, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.