Cisco security devices targeted with CVE-2020-3580 PoC exploit
Help Net Security
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software.
Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) exploit code last Thursday via Twitter.
CVE-2020-3580 was patched by Cisco in October 2020, alonside three additional pre-authentication cross-site scripting (XSS) flaws: CVE-2020-3581, CVE-2020-3582, and CVE-2020-3583.
In April 2021, Cisco released new software updates because the fix for CVE-2020-3581 was incomplete.
The source of all four vulnerabilities was insufficient validation of user-supplied input by...