Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco ASA Software 输入验证错误漏洞
Vulnerability Description
Cisco ASA是美国思科(Cisco)公司的一套防火墙设备。该设备还包括IPS(入侵防御系统)、SSL VPN、IPSec VPN、反垃圾邮件等功能。 Cisco ASA Software的Clientless SSL VPN portal自定义框架中存在安全漏洞,该漏洞源于程序没有正确实现身份验证。远程攻击者可利用该漏洞修改RAMFS自定义对象。以下版本受到影响:Cisco ASA Software 8.2(5.51)之前8.2版本,8.3(2.42)之前8.3版本,8.4(7.23)之前8.4版本
CVSS Information
N/A
Vulnerability Type
N/A