Detections
Analytics
Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-cP9DuEmq)
medium Nessus Plugin ID 178020
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, Cisco Secure Web Appliance is affected by cross-site scripting vulnerabilities. The vulnerability is due to insufficient validation of user input. An attacker could exploit this by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwd50087, CSCwe18586See Also
http://www.nessus.org/u?9f43c9b2
Plugin Details
Severity: Medium
ID: 178020
File Name: cisco-sa-esa-sma-wsa-xss-cP9DuEmq_swa.nasl
Version: 1.3
Type: combined
Family: CISCO
Published: 7/6/2023
Updated: 9/22/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2023-20120
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:cisco:web_security_appliance, cpe:/a:cisco:web_security_appliance, cpe:/o:cisco:web_security_appliance, cpe:/o:cisco:asyncos
Required KB Items: Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Web Security Appliance/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 6/21/2023
Vulnerability Publication Date: 6/21/2023
Reference Information
CVE: CVE-2023-20028, CVE-2023-20120