Cisco Security Advisory - Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability

[Netwörkheäd]

Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks.

This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN component. An attacker could exploit this vulnerability by convincing a targeted user to visit a website that can pass malicious requests to an ASA device that has the Clientless SSL VPN feature enabled. A successful exploit could allow the attacker to conduct browser-based attacks, including cross-site scripting attacks, against the targeted user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2022-20713
Source: Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability