CVE-2024-20341
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Published: Oct 23, 2024 / Updated: 27d ago
010
CVSS 6.1EPSS 0.05%Medium
CVE info copied to clipboard
Summary
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application.
Impact
A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. This could lead to the theft of sensitive browser-based information, such as session tokens or cookies, or allow the attacker to perform actions on the web interface with the privileges of the victim user. The attacker might be able to manipulate the behavior of the web application, potentially leading to further attacks against the user or the application itself.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
A patch is available for this vulnerability. Cisco has released software updates that address this issue. Users should upgrade to the latest version of Cisco ASA Software or Cisco Firepower Threat Defense Software as appropriate for their deployment.
Mitigation
To mitigate this vulnerability: 1. Apply the latest software updates provided by Cisco for ASA and FTD Software. 2. Implement strong user education and awareness programs to help users identify and avoid suspicious links. 3. Consider implementing content security policies (CSP) to reduce the risk of XSS attacks. 4. Regularly review and validate input handling mechanisms in web applications. 5. Use web application firewalls (WAF) to provide an additional layer of protection against XSS attacks. 6. Limit access to the VPN web client services interface to trusted networks and users where possible.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Timeline
CVE Assignment
NVD published the first details for CVE-2024-20341
Oct 23, 2024 at 5:15 PM
CVSS
A CVSS base score of 6.1 has been assigned.
Oct 23, 2024 at 5:20 PM / nvd
First Article
Feedly found the first article mentioning CVE-2024-20341. See article
Oct 23, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 23, 2024 at 5:24 PM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (317547)
Oct 24, 2024 at 7:53 AM
EPSS
EPSS Score was set to: 0.05% (Percentile: 16.6%)
Oct 24, 2024 at 9:50 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (317561)
Oct 28, 2024 at 7:53 AM
Affected Systems
Cisco/firepower_threat_defense_software
+null more
Patches
sec.cloudapps.cisco.com
+null more
Attack Patterns
CAPEC-18: XSS Targeting Non-Script Elements
+null more
References
Multiple Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) Vulnerabilities Identified
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.9, CVEs: CVE-2024-20331, CVE-2024-20341, CVE-2024-20297, CVE-2024-20526, CVE-2024-20384, CVE-2024-20481, CVE-2024-20370, CVE-2024-20493, CVE-2024-20494, CVE-2024-20426, CVE-2024-20402, CVE-2024-20329, CVE-2024-20495, CVE-2024-20268, CVE-2024-20408, Summary: Multiple Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) vulnerabilities have been identified and fixed by Cisco. The vulnerabilities range from critical to medium severity. Multiple vulnerabilities allow attackers to perform various forms of denial-of-service, privilege escalation or ACL bypass. The most sever vulnerability allows an authenticated, remote attacker to execute operating system commands as root on a vulnerable device.
News
Cisco Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system. Note: CVE-2024-20481 is being exploited in the wild. The Cisco Product Security Incident Response Team (PSIRT) is aware of malicious use of this vulnerability. Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. RISK: Extremely High Risk Extremely High Risk TYPE: Security software and application – Security Software & Appliance Impact Denial of Service Remote Code Execution Elevation of Privilege Information Disclosure Cross-Site Scripting Security Restriction Bypass System / Technologies affected Cisco Adaptive Security Appliance (ASA) Software Cisco Adaptive Security Virtual Appliance (ASAv) Cisco Secure Firewall Threat Defense Virtual (FTDv) Cisco FirePOWER Services Cisco Firepower Threat Defense (FTD) Software Cisco Secure Firewall Management Center (FMC) Software Please refer to the link below for detail: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-vdb-snort-djj4cnbR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-dos-eEDWu5RM https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-4gYEWMKg https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nsgacl-bypass-77XnEAsL https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-priv-esc-hBS9gnwq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmp-dos-7TcnzxTU https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dap-dos-bhEkP7n https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-QXYE5Ufy https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-tls-CWY6zXB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-cZf8gT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF Solutions Before installation of the software, please visit the vendor web-site for more details.
CVE Alert: CVE-2024-20341 - https://www.redpacketsecurity.com/cve_alert_cve-2024-20341/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_20341
CVE Alert: CVE-2024-20341 - redpacketsecurity.com/cve_al… #OSINT #ThreatIntel #CyberSecurity #cve_2024_20341
cisco cisco-sa-snort-rf-bypass-OY8f3pnM: Multiple Cisco Products Snort Rate Filter Bypass Vulnerability
Development Last Updated: 10/24/2024 CVEs: CVE-2024-20274 , CVE-2024-20387 , CVE-2024-20426 , CVE-2024-20331 , CVE-2024-20264 , CVE-2024-20485 , CVE-2024-20273 , CVE-2024-20474 , CVE-2024-20471 , CVE-2024-20377 , CVE-2024-20495 , CVE-2024-20407 , CVE-2024-20341 , CVE-2024-20473 , CVE-2024-20364 , CVE-2024-20402 , CVE-2024-20493 , CVE-2024-20300 , CVE-2024-20339 , CVE-2024-20269 , CVE-2024-20340 , CVE-2024-20370 , CVE-2024-20382 , CVE-2024-20342 , CVE-2024-20412 , CVE-2024-20329 , CVE-2024-20372 , CVE-2024-20403 , CVE-2024-20431 , CVE-2024-20494 , CVE-2024-20410 , CVE-2024-20472 , CVE-2024-20260 , CVE-2024-20330 , CVE-2024-20388 , CVE-2024-20409 , CVE-2024-20526 , CVE-2024-20268 , CVE-2024-20298 , CVE-2024-20351 , CVE-2024-20386 , CVE-2024-20415 , CVE-2024-20424 , CVE-2024-20408 , CVE-2024-20481
Cisco informuje o nowych podatnościach. (P24-356)
23 października 2024 r. firma Cisco opublikowała ostrzeżenia dotyczące bezpieczeństwa, mające na celu wyeliminowanie luk w zabezpieczeniach wielu produktów. Cisco Adaptive Security Appliance (ASA) Software – wiele wersji Cisco Firepower Management Center (FMC) Software – wiele wersji Cisco Firepower Threat Defense (FTD) Software – wiele wersji Cisco Secure Firewall Management Center (FMC) Software – wiele wersji Link/Opis Krytyczność CVE ID Cisco Secure Firewall Management Center Software Command Injection Vulnerability Krytyczna CVE-2024-20424 Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability Krytyczna CVE-2024-20329 Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability Wysoka CVE-2024-20351 Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability Wysoka CVE-2024-20330 Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability Wysoka CVE-2024-20339 Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability Wysoka CVE-2024-20260 Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Memory Management Denial of Service Vulnerability Wysoka CVE-2024-20402 Cisco Adaptive Security Appliance and Firepower Threat Defense Software SNMP Denial of Service Vulnerability Wysoka CVE-2024-20268 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability Wysoka CVE-2024-20485 Cisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability Wysoka CVE-2024-20426 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability Wysoka CVE-2024-20408 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability Wysoka CVE-2024-20495 Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability Wysoka CVE-2024-20494 Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability Wysoka CVE-2023-20063 Multiple Cisco Products Snort Rate Filter Bypass Vulnerability Średnia CVE-2024-20342 Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability Średnia CVE-2024-20407 Cisco Firepower Threat Defense Software Geolocation ACL Bypass Vulnerability Średnia CVE-2024-20431 Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities Średnia CVE-2024-20377 CVE-2024-20387 … Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities Średnia CVE-2024-20264 CVE-2024-20269 … Cisco Secure Firewall Management Center Software SQL Injection Vulnerability Średnia CVE-2024-20340 Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities Średnia CVE-2024-20471 CVE-2024-20472 … Cisco Secure Firewall Management Center Privilege Escalation Vulnerability Średnia CVE-2024-20482 Cisco Secure Firewall Management Center Software HTML Injection Vulnerability Średnia CVE-2024-20274 Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability Średnia CVE-2024-20379 Cisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability Średnia CVE-2024-20275 Cisco Secure Firewall Management Center Software Command Injection Vulnerability Średnia CVE-2024-20374 Cisco Secure Client Software Denial of Service Vulnerability Średnia CVE-2024-20474 Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities Średnia CVE-2024-20341 CVE-2024-20382 Cisco Adaptive Security Appliance and Firepower Threat Defense Software NSG Access Control List Bypass Vulnerability Średnia CVE-2024-20384 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability Średnia CVE-2024-20481 Cisco Adaptive Security Appliance and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities Średnia CVE-2024-20297 CVE-2024-20299 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability Średnia CVE-2024-20331 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability Średnia CVE-2024-20493 Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability Średnia CVE-2024-20526 Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability Średnia CVE-2024-20370 The post Cisco informuje o nowych podatnościach. (P24-356) appeared first on CERT PSE .
Cisco Family October 2024 First Round Security Update Advisory
Vulnerability in Cisco Adaptive Security Appliance (ASA) Software,Cisco Firepower Threat Defense Software that allows a denial of service due to improper validation of client key data after a TLS session has been established (CVE-2024-20495, CVSS 8.6) [6] Vulnerability in Cisco Firepower Threat Defense Software,Cisco Adaptive Security Appliance (ASA) Software due to improper data validation during TLS 1.3 handshake, resulting in a possible denial of service (CVE-2024-20494, CVSS 8.6) [9]
See 8 more articles and social media posts