CVE-2014-8012

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page, which allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie. This vulnerability can be exploited by an unauthenticated, remote attacker who can convince a user to take a malicious action, potentially leading to a XSS attack on the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.