Cisco security devices targeted with CVE-2020-3580 PoC exploit

Help Net Security

Zeljka Zorz

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software.

Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) exploit code last Thursday via Twitter.

About CVE-2020-3580

CVE-2020-3580 was patched by Cisco in October 2020, alonside three additional pre-authentication cross-site scripting (XSS) flaws: CVE-2020-3581, CVE-2020-3582, and CVE-2020-3583.

In April 2021, Cisco released new software updates because the fix for CVE-2020-3581 was incomplete.

The source of all four vulnerabilities was insufficient validation of user-supplied input by...

Get the Morning Update

Thanks for subscribing!