<p>A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code.</p>
<p>The PoC was <a href="https://twitter.com/ptswarm/status/1408050644460650502" rel="noopener" target="_blank">published</a> by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.</p>
<p>“Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild,” the cyber exposure company <a href="https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october" rel="noopener" target="_blank">said</a>.</p>
<div class="separator"><a href="https://thehackernews.com/images/-2-rqA8MJiRM/YNlrTddMsEI/AAAAAAAADAg/pGvuWEREWDEGI3u_A6lMsi6FBLq6Pr0XwCLcBGAsYHQ/s0/cisco-exploit.jpg"><img alt="Cisco ASA Exploit" border="0" data-original-height="416" data-original-width="728" src="https://thehackernews.com/images/-2-rqA8MJiRM/YNlrTddMsEI/AAAAAAAADAg/pGvuWEREWDEGI3u_A6lMsi6FBLq6Pr0XwCLcBGAsYHQ/s728-e1000/cisco-exploit.jpg" title="Cisco ASA Exploit"></a></div>
<p>Tracked as <a href="https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-asaftd-xss-multiple-FCB3vPZe.html" rel="noopener" 
target="_blank">CVE-2020-3580</a> (CVSS score: 6.1), the issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software that could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks on an affected device.</p>
<p>As of July 2020, there were a little over <a href="https://www.rapid7.com/blog/post/2020/07/23/cve-2020-3452-cisco-asa-firepower-read-only-path-traversal-vulnerability-what-you-need-to-know/" rel="noopener" target="_blank">85,000 ASA/FTD devices</a>, 398 of which are spread across 17% of the Fortune 500 companies, according to cybersecurity company Rapid7.</p>
<p>Successful exploitation, such as scenarios where a user of the interface is convinced to click a specially crafted link, could permit the adversary to execute arbitrary JavaScript code in the context of the interface or access sensitive, browser-based information.</p>
<p>Although Cisco remediated the flaw in October 2020, the network equipment company subsequently determined the fix to be “incomplete,” thereby requiring a second round of patches that were released on April 28, 2021.</p>
<p>In light of public PoC availability, it’s recommended that organizations prioritize patching CVE-2020-3580 to mitigate the risk associated with the flaw.</p>
<p>The post <a rel="nofollow" href="https://patabook.com/technology/2021/06/29/cisco-asa-flaw-under-active-attack-after-poc-exploit-posted-online/">Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online</a> appeared first on <a rel="nofollow" 
href="https://patabook.com/technology">Patabook Technology</a>.</p>