Site icon GIXtools

Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability

A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing a user to access a malicious link.

Security Impact Rating: Medium

CVE: CVE-2014-2120

Source:: Cisco Security Advisories

Exit mobile version