PT-2024-9151 · Cisco · Cisco ASA

Author: Amit Laish
Published: 2024-10-23
Updated: 2024-11-01
CVE: CVE-2024-20341

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
- Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
- Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: A vulnerability in the VPN web client services feature could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. The issue is caused by improper validation of user-supplied input to application endpoints. An attacker could exploit it by persuading a user to follow a link designed to submit malicious input to the affected application, potentially allowing the attacker to execute arbitrary HTML or script code in the user's browser in the context of the web services page.

Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue. For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the VPN web client services feature until a patch is available. Avoid following links from untrusted sources to minimize the risk of exploitation.

Tags: Fix, XSS

Weakness Enumeration

Related Identifiers

BDU:2024-10838
CVE-2024-20341

Affected Products

Cisco Asa
Cisco Ftd