- June 28, 2021
- Posted by: administrator
- Category: Cisco
Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter.
This Cisco ASA vulnerability is cross-site scripting (XSS) vulnerability that is tracked as CVE-2020-3580.
Cisco first disclosed the vulnerability and issued a fix in October 2020. However, the initial patch for CVE-2020-3580 was incomplete, and a further fix was released in April 2021.
“A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information,” says Cisco’s advisory.
Hackers exploit recently published PoC exploit
After a vulnerability has been fixed and enough time has been given for devices to be upgraded, security researchers commonly publish proof-of-concept (PoC) exploits to share how organizations detect and prevent associated attacks.
On Thursday, researchers from Positive Technologies Offensive Team published a PoC exploit for the Cisco ASA CVE-2020-3580 vulnerability on Twitter.
Soon after the PoC was released, Tenable reported that threat actors are actively exploiting the vulnerability on affected devices but did not disclose what malicious activity was being performed.
“Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild,” said Tenable.
As threat actors are now actively exploiting the vulnerability, it is crucial for administrators to immediately patch vulnerable Cisco ASA devices so threat actors cannot exploit them.
NOTE:: This article is copyright by bleepingcomputer.com and we are using it for educational or Information purpose only