VDB

CVE-2022-20713

CVE-2022-20713 PUBLISHED CVSS 4.3 MEDIUM

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN component. An attacker could exploit this vulnerability by convincing a targeted user to visit a website that can pass malicious requests to an ASA device that has the Clientless SSL VPN feature enabled. A successful exploit could allow the attacker to conduct browser-based attacks, including cross-site scripting attacks, against the targeted user.

EPSS 1.72% · 82.8th percentile

Risk Scores

CVSS 3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 1.72% (82.8th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.8.4.7, 9.8.4.10, 9.8.4.12 |
| cisco | adaptive_security_appliance_software | 9.14.4, 9.14.4.6, 9.14.4.7 |
| cisco | firepower_threat_defense | 7.3.1, 6.2.3, 6.2.3.2 |
| Cisco | Cisco Firepower Threat Defense Software | 6.2.3, 6.4.0.15, 6.2.3.15 |

Exploit Intelligence

Timeline

  • Aug 10, 2022 CVE Published
  • Aug 11, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Sep 16, 2024 CVE Updated
  • Mar 19, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 5, 2025 EPSS Score