CNVD-2018-08924
Vulnerability from cnvd - Published: 2018-05-04
Title
Cisco ASA Cross-Site Scripting Vulnerability
Description
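Cisco 3000 Series Industrial Security Appliances and related products are security appliances of different series from Cisco (USA). Adaptive Security Appliance (ASA) Software is an operating system that runs on them. Clientless Secure Sockets Layer (SSL) VPN is an SSL VPN application within it.
A cross-site scripting vulnerability exists in the web server authentication request page of the Clientless SSL VPN portal of ASA Software in multiple Cisco products. The vulnerability stems from the program's failure to sufficiently validate user-submitted requests. A remote attacker could exploit it by persuading a user to click a crafted link, executing arbitrary script code in the context of the portal or accessing sensitive browser-based information.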
Severity
Medium
Patch Name
Patch for the Cisco ASA cross-site scripting vulnerability
Patch Description
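Cisco 3000 Series Industrial Security Appliances and related products are security appliances of different series from Cisco (USA). Adaptive Security Appliance (ASA) Software is an operating system that runs on them. Clientless Secure Sockets Layer (SSL) VPN is an SSL VPN application within it.
A cross-site scripting vulnerability exists in the web server authentication request page of the Clientless SSL VPN portal of ASA Software in multiple Cisco products. The vulnerability stems from the program's failure to sufficiently validate user-submitted requests. A remote attacker could exploit it by persuading a user to click a crafted link, executing arbitrary script code in the context of the portal or accessing sensitive browser-based information. The vendor has now released a security advisory and related patch information that fixes this vulnerability.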
Formal description
The vendor has released a fix for this vulnerability; please watch for updates: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2
Impacted products
| Name |
|---|
| Cisco ASA 5500-X Series Next-Generation Firewalls |
| Cisco Adaptive Security Virtual Appliance (ASAv) |
| Cisco ASA Services Module for Cisco 7600 Series Routers |
| Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches |
| Cisco ASA 5500 Series Adaptive Security Appliances |
| Cisco 3000 Series Industrial Security Appliances (ISA) |
{
"bids": {
"bid": {
"bidNumber": "103926"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-0251"
}
},
"description": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u5b89\u5168\u8bbe\u5907\u3002Adaptive Security Appliance\uff08ASA\uff09Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Clientless Secure Sockets Layer\uff08SSL\uff09VPN\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSSL\uff08\u5b89\u5168\u5957\u63a5\u5c42\u534f\u8bae\uff09VPN\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684ASA Software\u7684Clientless SSL VPN\u95e8\u6237\u7684Web\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u7279\u5236\u7684\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u95e8\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Cisco",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-08924",
"openTime": "2018-05-04",
"patchDescription": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u5b89\u5168\u8bbe\u5907\u3002Adaptive Security Appliance\uff08ASA\uff09Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Clientless Secure Sockets Layer\uff08SSL\uff09VPN\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSSL\uff08\u5b89\u5168\u5957\u63a5\u5c42\u534f\u8bae\uff09VPN\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684ASA Software\u7684Clientless SSL VPN\u95e8\u6237\u7684Web\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u7279\u5236\u7684\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u95e8\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u6216\u8bbf\u95ee\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco ASA\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco ASA 5500-X Series Next-Generation Firewalls",
"Cisco Adaptive Security Virtual Appliance (ASAv)",
"Cisco ASA Services Module for Cisco 7600 Series Routers",
"Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches",
"Cisco ASA 5500 Series Adaptive Security Appliances",
"Cisco 3000 Series Industrial Security Appliances (ISA)"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2",
"serverity": "\u4e2d",
"submitTime": "2018-04-19",
"title": "Cisco ASA\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.