VYPR
Severity: Unrated · Source: NVD Advisory · Published Apr 6, 2022 · Updated Nov 6, 2024

Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

CVE-2022-20781

Description

Stored XSS in Cisco WSA AsyncOS web interface allows authenticated attackers to execute arbitrary script code by injecting malicious input into a specific data field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) does not properly validate user-supplied input, which results in a stored cross-site scripting (XSS) vulnerability [1]. Affected versions include all releases prior to 14.5, such as 14.1 and earlier [1]. The flaw is in the interface itself: an attacker can insert malicious data into a specific data field, and that data is later rendered without sanitization.

Exploitation

An attacker must be authenticated to the web-based management interface of an affected Cisco WSA device [1]. The attacker then crafts malicious script code and injects it into the vulnerable data field. When a victim user subsequently accesses the affected interface, the stored script executes in the context of the victim's browser session [1]. No additional user interaction beyond viewing the interface is required for the stored payload to trigger.

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the context of the victim's interface session [1]. This can lead to actions such as session hijacking, credential theft, or other malicious activities performed under the victim's privileges within the web-based management interface. The attack compromises the confidentiality and integrity of the interface's data.

Mitigation

Cisco has released fixed software version 14.5 for Cisco AsyncOS Software on WSA to address this vulnerability [1]. Customers should upgrade to the specified fixed release or later. No workaround is mentioned in the advisory. As of publication, the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0 (no patches discovered yet)


References: 1
