Cisco Secure Firewall Adaptive Security Appliance
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*
A cross-site scripting (XSS) vulnerability has been identified in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary HTML or script code in the context of the VPN web server, by persuading a user to follow a link to a malicious website that submits harmful input to the affected application. The issue arises from improper validation of user-supplied input in HTTP requests.
Successful exploitation could allow the attacker to execute malicious scripts in the context of the user's browser.
Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD devices, refer to the Cisco Secure FMC upgrade guide. To determine exposure to vulnerabilities in Cisco Secure Firewall ASA or FTD Software, use the Cisco Software Checker tool.