CVE-2019-1701 - Vulnerability Details

CVE-2019-1701 - Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00155.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Adaptive Security Appliance Software Asa 5505 Asa 5510 Asa 5512-x Asa 5515-x Asa 5520 Asa 5525-x Asa 5540 Asa 5545-x Asa 5550 Asa 5555-x Asa 5580 Asa 5585-x Firepower Threat Defense

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

OR	cpe:2.3:h:cisco:asa_5505:-:::::::*
	cpe:2.3:h:cisco:asa_5510:-:::::::*
	cpe:2.3:h:cisco:asa_5512-x:-:::::::*
	cpe:2.3:h:cisco:asa_5515-x:-:::::::*
	cpe:2.3:h:cisco:asa_5520:-:::::::*
	cpe:2.3:h:cisco:asa_5525-x:-:::::::*
	cpe:2.3:h:cisco:asa_5540:-:::::::*
	cpe:2.3:h:cisco:asa_5545-x:-:::::::*
	cpe:2.3:h:cisco:asa_5550:-:::::::*
	cpe:2.3:h:cisco:asa_5555-x:-:::::::*
	cpe:2.3:h:cisco:asa_5580:-:::::::*
	cpe:2.3:h:cisco:asa_5585-x:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/108152
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss

History

Thu, 21 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-05-03T16:00:35.083047Z

Updated: 2024-11-21T19:35:04.881Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1701

Vulnrichment

Updated: 2024-08-04T18:28:42.735Z

NVD

Status : Modified

Published: 2019-05-03T16:29:00.367

Modified: 2024-11-21T04:37:07.973

Link: CVE-2019-1701

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object