ID

VAR-201307-0201


CVE

CVE-2013-3414


TITLE

Cross-site scripting vulnerability in the WebVPN portal login page of Cisco Adaptive Security Appliances

Trust: 0.8

sources: JVNDB: JVNDB-2013-003509

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCug83080.

Trust: 1.98

sources: NVD: CVE-2013-3414 // JVNDB: JVNDB-2013-003509 // BID: 61451 // VULHUB: VHN-63416

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: adaptive security appliance, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: adaptive security appliance, scope: -, version: -

Trust: 0.8

vendor: cisco, model: adaptive security appliance software, scope: lte, version: 9.1.2

Trust: 0.8

sources: JVNDB: JVNDB-2013-003509 // CNNVD: CNNVD-201307-551 // NVD: CVE-2013-3414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3414
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3414
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-551
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63416
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3414
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63416
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63416 // JVNDB: JVNDB-2013-003509 // CNNVD: CNNVD-201307-551 // NVD: CVE-2013-3414

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63416 // JVNDB: JVNDB-2013-003509 // NVD: CVE-2013-3414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-551

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-551

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003509

PATCH

title: Cisco ASA Software Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3414

Trust: 0.8

title: 30214, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30214

Trust: 0.8

sources: JVNDB: JVNDB-2013-003509

EXTERNAL IDS

db: NVD, id: CVE-2013-3414

Trust: 2.8

db: SECTRACK, id: 1028831

Trust: 1.1

db: OSVDB, id: 95660

Trust: 1.1

db: JVNDB, id: JVNDB-2013-003509

Trust: 0.8

db: CNNVD, id: CNNVD-201307-551

Trust: 0.7

db: CISCO, id: 20130724 CISCO ASA SOFTWARE CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: BID, id: 61451

Trust: 0.4

db: VULHUB, id: VHN-63416

Trust: 0.1

sources: VULHUB: VHN-63416 // BID: 61451 // JVNDB: JVNDB-2013-003509 // CNNVD: CNNVD-201307-551 // NVD: CVE-2013-3414

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3414

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=30214

Trust: 1.1

url:http://osvdb.org/95660

Trust: 1.1

url:http://www.securitytracker.com/id/1028831

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85949

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3414

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3414

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-63416 // BID: 61451 // JVNDB: JVNDB-2013-003509 // CNNVD: CNNVD-201307-551 // NVD: CVE-2013-3414

CREDITS

Cisco

Trust: 0.3

sources: BID: 61451

SOURCES

db: VULHUB, id: VHN-63416
db: BID, id: 61451
db: JVNDB, id: JVNDB-2013-003509
db: CNNVD, id: CNNVD-201307-551
db: NVD, id: CVE-2013-3414

LAST UPDATE DATE

2024-08-14T13:58:13.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-63416, date: 2017-08-29T00:00:00
db: BID, id: 61451, date: 2013-07-25T00:00:00
db: JVNDB, id: JVNDB-2013-003509, date: 2013-08-06T00:00:00
db: CNNVD, id: CNNVD-201307-551, date: 2014-02-26T00:00:00
db: NVD, id: CVE-2013-3414, date: 2023-08-11T18:54:47.730

SOURCES RELEASE DATE

db: VULHUB, id: VHN-63416, date: 2013-07-25T00:00:00
db: BID, id: 61451, date: 2013-07-25T00:00:00
db: JVNDB, id: JVNDB-2013-003509, date: 2013-07-26T00:00:00
db: CNNVD, id: CNNVD-201307-551, date: 2013-07-25T00:00:00
db: NVD, id: CVE-2013-3414, date: 2013-07-25T15:53:16.177