Details of VAR-202204-1722

ID

VAR-202204-1722

CVE

CVE-2022-20713

TITLE

Cisco Adaptive Security Appliance Cross-site scripting vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2022-016222

DESCRIPTION

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device. Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an malicious user to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-dos-KJjFtNb

Trust: 1.8

sources: NVD: CVE-2022-20713 // JVNDB: JVNDB-2022-016222 // VULHUB: VHN-405266 // VULMON: CVE-2022-20713

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.18	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.0.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.17	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.8	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.45	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3.14	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.2.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.16	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.17	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.35	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.21	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.32	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.2.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.5.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.44	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.48	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.37	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.20	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.2.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.2.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.4.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.1.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.3.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.35	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.20	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.24	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.54	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.1.28	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.26	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.1.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.52	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1.6	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.47	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.35	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3.23	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3.19	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.2.8	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.19.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.11	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.8	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.11	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.2.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.39	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.3.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.15	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.26	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.28	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.15	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.17	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.14	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1.19	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.3.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.21	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.2.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.4.6	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.25	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.38	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.20	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.18	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.1.30	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.2.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.43	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3.18	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.18	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.39	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2.38	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.2.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.46	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.2.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.18.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.15.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.17.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.14.3.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.55	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.16.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8.4.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.5.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12.4.30	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	eq	version:	cisco adaptive security appliance software	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016222 // NVD: CVE-2022-20713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20713
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20713
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20713
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-2739
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-20713
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20713
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20713
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016222 // CNNVD: CNNVD-202208-2739 // NVD: CVE-2022-20713 // NVD: CVE-2022-20713

PROBLEMTYPE DATA

problemtype:	CWE-444	Trust: 1.1
problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405266 // JVNDB: JVNDB-2022-016222 // NVD: CVE-2022-20713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2739

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202208-2739

PATCH

title:	cisco-sa-asa-webvpn-LOeKsNmO	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO	Trust: 0.8
title:	Cisco Adaptive Security Appliances Software Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247286	Trust: 0.6
title:	Cisco: Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cdb-cmicr-vulns-KJjFtNb	Trust: 0.1

sources: VULMON: CVE-2022-20713 // JVNDB: JVNDB-2022-016222 // CNNVD: CNNVD-202208-2739

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20713	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016222	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3979.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3979	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2739	Trust: 0.6
db:	VULHUB	id:	VHN-405266	Trust: 0.1
db:	VULMON	id:	CVE-2022-20713	Trust: 0.1

sources: VULHUB: VHN-405266 // VULMON: CVE-2022-20713 // JVNDB: JVNDB-2022-016222 // CNNVD: CNNVD-202208-2739 // NVD: CVE-2022-20713

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-webvpn-loeksnmo	Trust: 1.3
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-webvpn-loeksnmo	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20713	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20713/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3979	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-header-injection-via-clientless-ssl-vpn-39044	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3979.4	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cdb-cmicr-vulns-kjjftnb	Trust: 0.1

sources: VULHUB: VHN-405266 // VULMON: CVE-2022-20713 // JVNDB: JVNDB-2022-016222 // CNNVD: CNNVD-202208-2739 // NVD: CVE-2022-20713

SOURCES

db:	VULHUB	id:	VHN-405266
db:	VULMON	id:	CVE-2022-20713
db:	JVNDB	id:	JVNDB-2022-016222
db:	CNNVD	id:	CNNVD-202208-2739
db:	NVD	id:	CVE-2022-20713

LAST UPDATE DATE

2024-08-14T13:22:23.409000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405266	date:	2022-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-016222	date:	2023-10-03T05:09:00
db:	CNNVD	id:	CNNVD-202208-2739	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-20713	date:	2024-02-16T17:06:01.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405266	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-016222	date:	2023-10-03T00:00:00
db:	CNNVD	id:	CNNVD-202208-2739	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-20713	date:	2022-08-10T17:15:08.423