CVE-2021-1444
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2021-1444 is a vulnerability affecting the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This issue allows unauthenticated, remote attackers to execute cross-site scripting (XSS) attacks against interface users. The vulnerability stems from insufficient input validation by the web services interface of the affected devices. An attacker can exploit this flaw by crafting a malicious link that, if clicked by a user, could lead to arbitrary script code execution or access to sensitive browser-based information. Cisco has released software updates to mitigate the issue, and there are currently no workarounds available. This advisory is included in the October 2021 Cisco ASA, FTD, and FMC Security Advisory Bundled publication.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Adaptive Security Appliance
- Cisco Firepower Threat Defense
Affected Vendors
- Cisco Systems Inc