The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software web services. For CVE-2020-3580, the initial patch was incomplete and a further fix was released in April 2021. On 24th June 2021, researchers published a PoC exploit for the Cisco ASA vulnerability identified as CVE-2020-3580 via Twitter.
OVERVIEW
▪ This advisory follows the recent publication of a proof-of-concept (PoC) exploit for a known cross-site scripting (XSS) vulnerability (CVE-2020-3580) in the Cisco Adaptive Security Appliance (ASA).
▪ The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software web services.
▪ For CVE-2020-3580, the initial patch was incomplete and a further fix was released in April 2021.
▪ As per reports, since the exploit code has been published globally, threat actors have commenced XSS attacks in the wild against entities that have not yet patched their devices.