Active Exploit of Cisco ASA Vulnerability
7/07/2021

The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software web services. For CVE-2020-3580, the initial patch was incomplete and a further fix was released in April 2021. On 24th June 2021, researchers published a PoC exploit for the Cisco ASA vulnerability identified as CVE-2020-3580 via Twitter.

OVERVIEW

▪ This advisory follows the recent disclosure of a proof-of-concept (PoC) exploit for a known cross-site scripting (XSS) vulnerability (CVE-2020-3580) in the Cisco Adaptive Security Appliance (ASA).

▪ The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software web services.

▪ For CVE-2020-3580, the initial patch was incomplete and a further fix was released in April 2021.

▪ According to reports, since the exploit code has been published globally, threat actors have begun XSS attacks in the wild against entities that have not yet patched their devices.
