Test ID:	1.3.6.1.4.1.25623.1.0.806687
Category:	CISCO
Title:	Cisco ASA WebVPN Login Page XSS Vulnerability (cisco-sa-CVE-2014-2120, CSCun19025) - Active Check
Summary:	Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a; cross-site scripting (XSS) vulnerability.
Description:	Summary: Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error in password recovery form which fails to filter properly the hidden inputs. NOTE: The vulnerability was verified on Internet Explorer 6.0 (more modern browsers are unaffected). Vulnerability Impact: Successful exploitation allows the attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Cisco ASA Software versions 8.4(7) and prior and 9.1(4) and prior are vulnerable. Solution: Updates are available, please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2120 BugTraq ID: 66290 http://www.securityfocus.com/bid/66290 Cisco Security Advisory: 20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 http://www.securitytracker.com/id/1029935
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.