Key Information

1. Vulnerability Description:
   - Name: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerability
   - Affected Products: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
   - Exploitation Factor: Unauthenticated remote attackers can exploit this vulnerability by tricking users into clicking malicious links, allowing execution of arbitrary script code or access to sensitive information.
2. Affected Products:
   - ASA Software: Versions 9.7 and earlier, 9.9, 9.10, 9.13, 9.14, 9.15, 9.16
   - FTD Software: Versions 6.2.2 and earlier, 6.2.3, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 7.0.0
3. Remediation:
   - Software Update: Software updates are available to address this vulnerability.
   - Workarounds: No workarounds are available.
4. Affected Configurations:
   - ASA Software: Specific configurations such as IKEv2 remote access, SSL VPN access, etc.
   - FTD Software: Specific configurations such as IKEv2 remote access, SSL VPN access, etc.
5. Confirmed Affected Products:
   - ASA Software: Versions 9.7 and earlier, 9.9, 9.10, 9.13, 9.14, 9.15, 9.16
   - FTD Software: Versions 6.2.2 and earlier, 6.2.3, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 7.0.0
6. Source:
   - Reporter: Maxim Suslov
   - URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-xss-webui-gQLSFyPM

Summary

This vulnerability allows unauthenticated remote attackers to execute arbitrary script code or access sensitive information by tricking users into clicking malicious links. The affected products include specific versions of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense software. Affected users are advised to update their software as soon as possible to remediate this vulnerability.