← back
CVE-2014-2120

CVE-2014-2120

CVSS 5.4 MEDIUMEPSS 14.0%● KEVCWE-79
In short

A vulnerability in Cisco ASA's WebVPN login page allows attackers to inject malicious scripts or HTML code. This could let attackers steal login credentials or redirect users to fake pages.

Technical detail

Reflected XSS vulnerability in Cisco ASA WebVPN login interface via unsanitized parameter input. Remote, unauthenticated attacker can inject arbitrary JavaScript/HTML; exploitation requires user interaction (clicking malicious link). Impact includes credential theft and session hijacking.

Summary generated and translated by AI from the official description.
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120http://www.securityfocus.com/bid/66290http://www.securitytracker.com/id/1029935