CVE Vulnerability

CVE-2022-20713

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN component. An attacker could exploit this vulnerability by convincing a targeted user to visit a website that can pass malicious requests to an ASA device that has the Clientless SSL VPN feature enabled. A successful exploit could allow the attacker to conduct browser-based attacks, including cross-site scripting attacks, against the targeted user.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Information

Published : 2022-08-10 05:15

Updated : 2022-08-12 08:23

NVD link : CVE-2022-20713

Mitre link : CVE-2022-20713

Products Affected

Adaptive Security Appliance Software

Cisco

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')