CVSS: 6.4EPSS: 4%CPEs: 221EXPL: 0CVE-2022-20713
https://notcve.org/view.php?id=CVE-2022-20713
10 Aug 2022 — A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.6EPSS: 1%CPEs: 7EXPL: 0CVE-2020-3373 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability
https://notcve.org/view.php?id=CVE-2020-3373
21 Oct 2020 — A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker cou... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-frag-memleak-mCtqdP9n • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •