Details of VAR-202010-1130

ID

VAR-202010-1130

CVE

CVE-2020-3583

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Cross-site scripting vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009720

DESCRIPTION

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. The platform provides features such as highly secure access to data and network resources

Trust: 1.8

sources: NVD: CVE-2020-3583 // JVNDB: JVNDB-2020-009720 // VULHUB: VHN-181708 // VULMON: CVE-2020-3583

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.80	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.1.30	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.29	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.5.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.44	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-009720 // NVD: CVE-2020-3583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3583
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3583
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009720
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202010-1179
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181708
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3583
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3583
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-009720
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181708
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3583
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-009720
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181708 // VULMON: CVE-2020-3583 // JVNDB: JVNDB-2020-009720 // CNNVD: CNNVD-202010-1179 // NVD: CVE-2020-3583 // NVD: CVE-2020-3583

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-181708 // JVNDB: JVNDB-2020-009720 // NVD: CVE-2020-3583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1179

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202010-1179

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009720

PATCH

title:

cisco-sa-asaftd-xss-multiple-FCB3vPZe

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe

Trust: 0.8

sources: JVNDB: JVNDB-2020-009720

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3583	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-009720	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1179	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3642.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3642	Trust: 0.6
db:	NSFOCUS	id:	50203	Trust: 0.6
db:	CNVD	id:	CNVD-2021-44675	Trust: 0.1
db:	VULHUB	id:	VHN-181708	Trust: 0.1
db:	VULMON	id:	CVE-2020-3583	Trust: 0.1

sources: VULHUB: VHN-181708 // VULMON: CVE-2020-3583 // JVNDB: JVNDB-2020-009720 // CNNVD: CNNVD-202010-1179 // NVD: CVE-2020-3583

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-xss-multiple-fcb3vpze	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3583	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3583	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/50203	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3642.3	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3642/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181708 // VULMON: CVE-2020-3583 // JVNDB: JVNDB-2020-009720 // CNNVD: CNNVD-202010-1179 // NVD: CVE-2020-3583

SOURCES

db:	VULHUB	id:	VHN-181708
db:	VULMON	id:	CVE-2020-3583
db:	JVNDB	id:	JVNDB-2020-009720
db:	CNNVD	id:	CNNVD-202010-1179
db:	NVD	id:	CVE-2020-3583

LAST UPDATE DATE

2024-08-14T13:54:28.524000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181708	date:	2022-05-26T00:00:00
db:	VULMON	id:	CVE-2020-3583	date:	2020-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-009720	date:	2020-12-02T06:59:28
db:	CNNVD	id:	CNNVD-202010-1179	date:	2021-06-30T00:00:00
db:	NVD	id:	CVE-2020-3583	date:	2023-11-07T03:22:57.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181708	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-3583	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-009720	date:	2020-12-02T06:59:28
db:	CNNVD	id:	CNNVD-202010-1179	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-3583	date:	2020-10-21T19:15:18.887