CVE-2021-1444

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 79

Summary

CVE-2021-1444 is a vulnerability affecting the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This issue allows unauthenticated, remote attackers to execute cross-site scripting (XSS) attacks against interface users. The vulnerability stems from insufficient input validation by the web services interface of the affected devices. An attacker can exploit this flaw by crafting a malicious link that, if clicked by a user, could lead to arbitrary script code execution or access to sensitive browser-based information. Cisco has released software updates to mitigate the issue, and there are currently no workarounds available. This advisory is included in the October 2021 Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Adaptive Security Appliance
  • Cisco Firepower Threat Defense

Affected Vendors

  • Cisco Systems Inc