XSS Vulnerability in Cisco Security Products Exploited in the Wild
2021-06-28 11:31

A cross-site scripting vulnerability patched last year in Cisco's Adaptive Security Appliance and Firepower Threat Defense software has reportedly been exploited in the wild.

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept exploit for the vulnerability tracked as CVE-2020-3580.

CVE-2020-3580 is one of several XSS vulnerabilities that Cisco patched in its ASA and FTD products in October 2020.

In its advisory, Cisco described CVE-2020-3580 and the other XSS flaws as medium-severity issues introduced by insufficient validation of user-supplied input in the web services interface of the affected devices.

The company's advisory currently does not mention anything about the flaw being exploited for malicious purposes.

It is not unheard of for hackers to exploit vulnerabilities in Cisco ASA and FTD software in their attacks.


News URL

http://feedproxy.google.com/~r/securityweek/~3/N2WMmYvlszU/xss-vulnerability-cisco-security-products-exploited-wild

Related Vulnerability

DATE: 2020-10-21
CVE: CVE-2020-3580
VULNERABILITY TITLE: Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.
network, low complexity, cisco, CWE-79
RISK: 6.1

Related vendor

VENDOR  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Cisco   2046        21   1773    1669  288       3751