Cisco WebVPN

A vulnerability found in the login screen of the Clientless SSL VPN (WebVPN) portal of the Cisco Adaptive Security Appliance (ASA) could allow a threat actor to conduct a cross-site scripting (XSS) attack. Due to inadequate validation of user-supplied input, a threat actor can exploit CVE-2018-0242 to execute arbitrary code or access sensitive browser-based information. There is currently no workaround to address the flaw. The NJCCIC recommends all users and administrators of Cisco ASA software review the Cisco Security Advisory, visit the Cisco bug ID page for information on affected software releases, and apply the patch or workaround if/when it becomes available.

Advisory | NJCCIC | Cisco, WebVPN, VPN