Cisco has updated its advisory for CVE-2020-3580, a cross-site scripting (XSS) vulnerability in its ASA and FTD security appliances, to warn that the flaw is being actively exploited in the wild. Proof-of-concept (PoC) exploit code has also been released to the public.
Cisco originally released patches in October 2020 for multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerabilities are caused by insufficient validation of user-supplied input by the web services interface of an affected device.
As a result, an unauthenticated remote attacker who persuades a user of the web services interface to open a crafted link could execute arbitrary script code in that user's browser, in the context of the interface, or access sensitive browser-based information. This is a reflected cross-site scripting (XSS) attack: it requires user interaction, but the victim is typically an administrator of the device.
Researchers at Positive Technologies published a PoC for CVE-2020-3580 in a tweet on June 24.
Shortly afterwards, other researchers chasing bug bounties for the vulnerability confirmed that attackers were exploiting it in the wild.
Researchers at Tenable also posted more details on the issues in a blog post last Thursday.
Cisco confirmed that these vulnerabilities affect Cisco products running an unpatched release of Cisco ASA Software or FTD Software with a vulnerable AnyConnect or WebVPN configuration.
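Because the vulnerable web services interface is only reachable where WebVPN (Clientless SSL VPN) or AnyConnect is enabled on an interface, a quick triage step is to scan each device's running configuration for that exposure before checking its software release. The following script is an added example, not Cisco's tooling or code from the article: it parses the top-level `webvpn` block of an ASA/FTD running-config (standard ASA syntax: `enable <nameif>` and `anyconnect enable` sub-commands, indented one space) and reports which interfaces expose the service. The sample configs are constructed. This establishes exposure only, not vulnerability: the software release must still be compared against the fixed releases listed in Cisco's advisory.

```python
"""Flag ASA/FTD running-configs that enable the web services interface
(WebVPN / AnyConnect), the configuration class Cisco describes as exposed
when the software release is unpatched.

Added example, not Cisco tooling. Assumes standard ASA config syntax:
a column-0 'webvpn' block whose sub-commands are indented one space.
"""
import re
from dataclasses import dataclass, field
from typing import List


@dataclass
class WebVpnExposure:
    # Interfaces (nameif values) on which WebVPN is enabled.
    enabled_interfaces: List[str] = field(default_factory=list)
    # Whether AnyConnect SSL VPN client services are enabled.
    anyconnect_enabled: bool = False

    @property
    def exposed(self) -> bool:
        # The web services interface is reachable only when WebVPN is
        # enabled on at least one interface.
        return bool(self.enabled_interfaces)


def parse_webvpn_block(running_config: str) -> List[str]:
    """Return the sub-commands of the top-level 'webvpn' block, stripped.

    ASA/FTD nest sub-commands under a top-level command by indenting them
    with at least one space; the block ends at the next column-0 line.
    Only the column-0 'webvpn' command counts: the indented ' webvpn'
    sub-block under 'group-policy ... attributes' carries per-policy
    settings, not interface enablement, and must not be mistaken for it.
    """
    block: List[str] = []
    in_block = False
    for line in running_config.splitlines():
        if not in_block:
            in_block = line.rstrip() == "webvpn"  # column-0 only
            continue
        if line.startswith(" "):
            block.append(line.strip())
        else:
            break  # left the webvpn block
    return block


def assess_webvpn(running_config: str) -> WebVpnExposure:
    """Summarise WebVPN/AnyConnect exposure from a running-config."""
    result = WebVpnExposure()
    for cmd in parse_webvpn_block(running_config):
        m = re.match(r"enable (\S+)", cmd)  # 'enable outside' etc.
        if m:
            result.enabled_interfaces.append(m.group(1))
        elif cmd == "anyconnect enable":
            result.anyconnect_enabled = True
    return result


# Constructed sample configs (not from the article or a real device).
EXPOSED_CONFIG = """\
hostname asa-edge
interface GigabitEthernet0/0
 nameif outside
 security-level 0
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-linux64-4.9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_1 attributes
 vpn-tunnel-protocol ssl-client
 webvpn
  anyconnect keep-installer installed
"""

UNEXPOSED_CONFIG = """\
hostname asa-lab
interface GigabitEthernet0/0
 nameif outside
 security-level 0
webvpn
 anyconnect image disk0:/anyconnect-linux64-4.9.pkg 1
group-policy GroupPolicy_1 attributes
 vpn-tunnel-protocol ikev1
 webvpn
  anyconnect keep-installer installed
"""


if __name__ == "__main__":
    for name, cfg in (("asa-edge", EXPOSED_CONFIG), ("asa-lab", UNEXPOSED_CONFIG)):
        r = assess_webvpn(cfg)
        print(f"{name}: exposed={r.exposed} interfaces={r.enabled_interfaces} "
              f"anyconnect={r.anyconnect_enabled}")
```

In practice the input would be the output of `show running-config` collected from each device; the second sample shows the edge case that matters, a `webvpn` block that exists (an image is staged) but is not enabled on any interface, alongside an indented group-policy `webvpn` sub-block that a naive substring search for "webvpn" would misreport as exposure.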
With a public PoC and confirmed in-the-wild exploitation, organizations should prioritize patching affected network devices as soon as possible.