Cisco flaw under attack after researchers publish exploit PoC
Hackers are targeting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after security researchers published a proof-of-concept (PoC) for a successful exploit.
Positive Technologies SWARM, the security company’s offensive research team, published an exploit PoC for the flaw tracked as CVE-2020-3580 last week. This was originally patched in October 2020 alongside CVE-2020-3581 through to CVE-2020-3583.
This issue, which is considered to be moderately severe, concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software. On unpatched systems, Cisco ASA/FTD software web services don’t sufficiently validate user-supplied inputs. To exploit the bug successfully, hackers would need to convince a user on the interface to click on a malicious link. The vulnerability is rated 6.1 out of ten on the CVSS threat severity scale.