Security News > 2021 > June > XSS Vulnerability in Cisco Security Products Exploited in the Wild
A cross-site scripting vulnerability patched last year in Cisco's Adaptive Security Appliance and Firepower Threat Defense software has reportedly been exploited in the wild.
Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept exploit for the vulnerability tracked as CVE-2020-3580.
CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products.
In its advisory, Cisco described CVE-2020-3580 and the other XSS flaws as medium-severity issues introduced by insufficient validation of user-supplied input in the web services interface of the affected devices.
The company's advisory currently does not mention anything about the flaw being exploited for malicious purposes.
Hackers exploiting vulnerabilities in Cisco ASA and FTD software in their attacks is not unheard of.
News URL
Related news
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Setting a security standard: From vulnerability to exposure management (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-3580 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |