← Zuruck zu CVEs
CVE-2014-2120
MEDIUMCISA KEV6.1
Beschreibung
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht3/19/2014
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerCisco
ProduktAdaptive Security Appliance (ASA)
SchwachstellennameCisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
KEV Aufnahmedatum2024-11-12
Behebungsfrist2024-12-03
Ransomware-NutzungUnknown
Betroffene Produkte
cisco:adaptive_security_appliance_software
Schwachen (CWE)
CWE-79CWE-79
Referenzen
http://www.securityfocus.com/bid/66290(psirt@cisco.com)
http://www.securitytracker.com/id/1029935(psirt@cisco.com)
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/66290(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1029935(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.