cnvd-2018-08924
Vulnerability from cnvd
Title
Cisco ASA Cross-Site Scripting Vulnerability
Description
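Cisco 3000 Series Industrial Security Appliances and the other listed products are different series of security appliances from the US company Cisco. Adaptive Security Appliance (ASA) Software is the operating system that runs on them. Clientless Secure Sockets Layer (SSL) VPN is an SSL VPN application included in it. A cross-site scripting vulnerability exists in the web server authentication request page of the Clientless SSL VPN portal of ASA Software in multiple Cisco products. The vulnerability stems from the program failing to sufficiently validate user-submitted requests. A remote attacker can exploit it by enticing a user to click a specially crafted link, and so execute arbitrary script code in the context of the portal or access sensitive browser-based information.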
Severity
Patch Name
Patch for the Cisco ASA cross-site scripting vulnerability
Patch Description
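Cisco 3000 Series Industrial Security Appliances and the other listed products are different series of security appliances from the US company Cisco. Adaptive Security Appliance (ASA) Software is the operating system that runs on them. Clientless Secure Sockets Layer (SSL) VPN is an SSL VPN application included in it. A cross-site scripting vulnerability exists in the web server authentication request page of the Clientless SSL VPN portal of ASA Software in multiple Cisco products. The vulnerability stems from the program failing to sufficiently validate user-submitted requests. A remote attacker can exploit it by enticing a user to click a specially crafted link, and so execute arbitrary script code in the context of the portal or access sensitive browser-based information. The vendor has now released a security advisory and related patch information that fix this vulnerability.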
Formal description

The vendor has released a fix for this vulnerability; please watch for updates: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2
Impacted products
Name
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco ASA Services Module for Cisco 7600 Series Routers
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco 3000 Series Industrial Security Appliances (ISA)


{
  "bids": {
    "bid": {
      "bidNumber": "103926"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0251"
    }
  },
  "description": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u5b89\u5168\u8bbe\u5907\u3002Adaptive Security Appliance\uff08ASA\uff09Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Clientless Secure Sockets Layer\uff08SSL\uff09VPN\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSSL\uff08\u5b89\u5168\u5957\u63a5\u5c42\u534f\u8bae\uff09VPN\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684ASA Software\u7684Clientless SSL VPN\u95e8\u6237\u7684Web\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u7279\u5236\u7684\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u95e8\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08924",
  "openTime": "2018-05-04",
  "patchDescription": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u5b89\u5168\u8bbe\u5907\u3002Adaptive Security Appliance\uff08ASA\uff09Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Clientless Secure Sockets Layer\uff08SSL\uff09VPN\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSSL\uff08\u5b89\u5168\u5957\u63a5\u5c42\u534f\u8bae\uff09VPN\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684ASA Software\u7684Clientless SSL VPN\u95e8\u6237\u7684Web\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u7279\u5236\u7684\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u95e8\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco ASA\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco ASA 5500-X Series Next-Generation Firewalls",
      "Cisco Adaptive Security Virtual Appliance (ASAv)",
      "Cisco ASA Services Module for Cisco 7600 Series Routers",
      "Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches",
      "Cisco ASA 5500 Series Adaptive Security Appliances",
      "Cisco 3000 Series Industrial Security Appliances (ISA)"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-19",
  "title": "Cisco ASA\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

