Security News > 2021 > June > Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code.
The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.
"Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild," the cyber exposure company said.
Tracked as CVE-2020-3580, the issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense software that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks on an affected device.
As of July 2020, there were a little over 85,000 ASA/FTD devices, 398 of which are spread across 17% of the Fortune 500 companies, according to cybersecurity company Rapid7.
Although Cisco remediated the flaw in October 2020, the network equipment company subsequently determined the fix to be "Incomplete," thereby requiring a second round of patches that were released on April 28, 2021.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/1WrluhSo0Pk/cisco-asa-flaw-under-active-attack.html
Related news
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Online crime-as-a-service skyrockets with 24,000 users selling attack tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-3580 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |