CVE-2023-20042 - 漏洞详情

CVE-2023-20042 (CNNVD-202311-106)

MEDIUM

中文标题:

Cisco Firepower Threat Defense 跨站脚本漏洞

英文标题:

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Softwar...

CVSS分数: 6.8

发布时间: 2023-11-01 17:11:08

漏洞类型: 跨站脚本

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco Firepower Threat Defense（FTD）是美国思科（Cisco）公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense、Cisco Adaptive Security Appliance存在跨站脚本漏洞，该漏洞源于 SSL/TLS 会话处理过程中存在错误，可能会阻止释放会话处理程序，攻击者利用该漏洞可以在受影响的设备上造成拒绝服务 (DoS)。

英文描述:

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.

CWE类型:

CWE-404

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.1	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.1:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.1.28	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.1.28:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2.3	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2.3:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2.7	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2.7:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2.11	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2.11:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2.13	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2.13:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.2.14	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.2.14:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3.3	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3.3:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3.14	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3.14:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3.15	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3.15:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3.19	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3.19:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.3.23	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.3.23:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.4	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.4:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.16.4.9	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.16.4.9:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.7	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.7:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.9	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.9:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.10	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.10:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.11	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.11:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.13	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.13:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.15	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.15:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.17.1.20	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.17.1.20:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.18.1	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.18.1:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.18.1.3	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.18.1.3:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.18.2	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.18.2:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.18.2.5	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.18.2.5:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.18.2.7	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.18.2.7:::::::*`
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.19.1	-	-	`cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:9.19.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.0	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.0:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.0.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.0.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.1.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.1.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.2	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.2:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.2.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.2.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.3	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.3:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.4	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.4:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.0.5	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.0.5:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.1.0	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.1.0:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.1.0.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.1.0.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.1.0.2	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.1.0.2:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.1.0.3	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.1.0.3:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.2.0	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.2.0:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.2.0.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.2.0.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.2.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.2.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.2.2	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.2.2:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.2.3	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.2.3:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.3.0	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.3.0:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.3.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.3.1:::::::*`
Cisco	Cisco Firepower Threat Defense Software	7.3.1.1	-	-	`cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:7.3.1.1:::::::*`
cisco	firepower_threat_defense	7.0.0	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*`
cisco	firepower_threat_defense	7.0.0.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:::::::*`
cisco	firepower_threat_defense	7.0.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:::::::*`
cisco	firepower_threat_defense	7.0.1.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:::::::*`
cisco	firepower_threat_defense	7.0.2	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:::::::*`
cisco	firepower_threat_defense	7.0.2.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:::::::*`
cisco	firepower_threat_defense	7.0.3	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:::::::*`
cisco	firepower_threat_defense	7.0.4	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:::::::*`
cisco	firepower_threat_defense	7.0.5	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:::::::*`
cisco	firepower_threat_defense	7.1.0	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*`
cisco	firepower_threat_defense	7.1.0.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:::::::*`
cisco	firepower_threat_defense	7.1.0.2	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:::::::*`
cisco	firepower_threat_defense	7.1.0.3	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:::::::*`
cisco	firepower_threat_defense	7.2.0	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:::::::*`
cisco	firepower_threat_defense	7.2.0.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:::::::*`
cisco	firepower_threat_defense	7.2.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:::::::*`
cisco	firepower_threat_defense	7.2.2	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:::::::*`
cisco	firepower_threat_defense	7.2.3	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:::::::*`
cisco	firepower_threat_defense	7.3.0	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:::::::*`
cisco	firepower_threat_defense	7.3.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:::::::*`
cisco	firepower_threat_defense	7.3.1.1	-	-	`cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:::::::*`
cisco	adaptive_security_appliance_software	9.16.1	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:::::::*`
cisco	adaptive_security_appliance_software	9.16.1.28	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:::::::*`
cisco	adaptive_security_appliance_software	9.16.2	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:::::::*`
cisco	adaptive_security_appliance_software	9.16.2.3	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:::::::*`
cisco	adaptive_security_appliance_software	9.16.2.7	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:::::::*`
cisco	adaptive_security_appliance_software	9.16.2.11	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:::::::*`
cisco	adaptive_security_appliance_software	9.16.2.13	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:::::::*`
cisco	adaptive_security_appliance_software	9.16.2.14	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:::::::*`
cisco	adaptive_security_appliance_software	9.16.3	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:::::::*`
cisco	adaptive_security_appliance_software	9.16.3.3	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:::::::*`
cisco	adaptive_security_appliance_software	9.16.3.14	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:::::::*`
cisco	adaptive_security_appliance_software	9.16.3.15	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:::::::*`
cisco	adaptive_security_appliance_software	9.16.3.19	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:::::::*`
cisco	adaptive_security_appliance_software	9.16.3.23	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:::::::*`
cisco	adaptive_security_appliance_software	9.16.4	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:::::::*`
cisco	adaptive_security_appliance_software	9.16.4.9	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:::::::*`
cisco	adaptive_security_appliance_software	9.17.1	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.7	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.9	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.10	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.11	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.13	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.15	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:::::::*`
cisco	adaptive_security_appliance_software	9.17.1.20	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:::::::*`
cisco	adaptive_security_appliance_software	9.18.1	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:::::::*`
cisco	adaptive_security_appliance_software	9.18.1.3	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:::::::*`
cisco	adaptive_security_appliance_software	9.18.2	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:::::::*`
cisco	adaptive_security_appliance_software	9.18.2.5	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:::::::*`
cisco	adaptive_security_appliance_software	9.18.2.7	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:::::::*`
cisco	adaptive_security_appliance_software	9.19.1	-	-	`cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

cisco-sa-asaftd-ssl-dos-kxG8mpUA OTHER
cve.org

访问

CVSS评分详情

3.1 (cna)

MEDIUM

6.8

CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

机密性

NONE

完整性

NONE

可用性

HIGH

时间信息

发布时间:

2023-11-01 17:11:08

修改时间:

2024-08-02 08:57:35

创建时间:

2025-11-11 15:38:02

更新时间:

2025-11-11 15:58:18

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2023-20042`	2025-11-11 15:21:47	2025-11-11 07:38:02
NVD	`nvd_CVE-2023-20042`	2025-11-11 14:59:12	2025-11-11 07:46:12
CNNVD	`cnnvd_CNNVD-202311-106`	2025-11-11 15:11:21	2025-11-11 07:58:18

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:58:18

vulnerability_type: 未提取 → 跨站脚本; cnnvd_id: 未提取 → CNNVD-202311-106; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 跨站脚本
cnnvd_id: 未提取 -> CNNVD-202311-106
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:46:12

affected_products_count: 51 → 102; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 51 -> 102
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2023-20042 (CNNVD-202311-106)

中文标题:

Cisco Firepower Threat Defense 跨站脚本漏洞

英文标题:

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Softwar...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史