A Cisco ASA Vulnerability Is Actively Exploited
After the PoC Exploit Was Published on Twitter, Hackers Started to Exploit a Vulnerability Found in Cisco ASA Devices.
This specific Cisco ASA vulnerability is a cross-site scripting (XSS) vulnerability tracked as CVE-2020-3580. Cisco was the first to disclose the vulnerability, issuing a fix in October 2020, but it seems that the initial patch for CVE-2020-3580 was incomplete, as a further fix was released in April 2021.
The Cisco ASA is a cybersecurity perimeter-defense appliance that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. Successful exploitation therefore means that unauthenticated, remote attackers might be able to execute arbitrary code within the [ASA] interface.
Unfortunately, the possibilities of an XSS attack are almost limitless, oftentimes including the transmission of private data, like cookies or other session information, to the attacker.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.
Hackers Are Exploiting the Cisco ASA Vulnerability
It’s a well-known fact that after a vulnerability is fixed and enough time has been given for devices to be upgraded, security researchers usually publish proof-of-concept (PoC) exploits in an attempt to share how organizations can detect and prevent associated attacks.
🎁PoC for XSS in Cisco ASA (CVE-2020-3580)
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
— PT SWARM (@ptswarm) June 24, 2021
Attackers did not need much time to start actively exploiting the vulnerability: Tenable received reports that attackers are exploiting the CVE on affected devices, but did not say what malicious activity was being performed.
Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.
Because threat actors are now able to actively exploit the vulnerability, it is crucial for administrators to patch any vulnerable Cisco ASA devices so that they cannot be exploited.
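For triage alongside patching, the following added example (not from the original article, Cisco or Tenable) scans HTTP access logs for POST requests to the endpoint named in the PoC request line above. The combined log format, the tunnel-group name, the IdP hostname and the sample lines are constructed assumptions; legitimate SAML sign-ins also POST to this endpoint, so hits are candidates for review, not proof of exploitation.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

ACS_PATH = "/+CSCOE+/saml/sp/acs"  # endpoint from the PoC request line on this page

# Assumed input: combined log format (ip - user [time] "request" status size "referer" ...)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?')

def triage(lines, known_tgnames, idp_hosts):
    """Return POSTs to the SAML ACS endpoint that do not look like normal sign-ins."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        # Decode percent-escapes (%2B for "+") and compare case-insensitively
        # so trivially re-encoded paths are not missed.
        if unquote(url.path).rstrip("/").lower() != ACS_PATH.lower():
            continue
        tgname = parse_qs(url.query).get("tgname", [""])[0]
        ref_host = urlsplit(m["referer"] or "").hostname or ""
        reasons = []
        if tgname not in known_tgnames:      # tunnel-group not configured here
            reasons.append("unknown tgname %r" % tgname)
        if ref_host not in idp_hosts:        # missing referers are flagged too
            reasons.append("referer host %r is not an expected IdP" % ref_host)
        if reasons:
            findings.append({"line": n, "src": m["ip"], "time": m["ts"],
                             "reasons": reasons})
    return findings

# Constructed sample log lines (documentation IP ranges and example hostnames).
SAMPLE = [
    '203.0.113.7 - - [25/Jun/2021:10:01:02 +0000] "POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1" 200 512 "https://unrelated.example/page" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Jun/2021:10:02:10 +0000] "POST /+CSCOE+/saml/sp/acs?tgname=Corp-VPN HTTP/1.1" 302 0 "https://idp.example.com/sso" "Mozilla/5.0"',
    '198.51.100.9 - - [25/Jun/2021:10:03:00 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Jun/2021:10:04:00 +0000] "POST /%2BCSCOE%2B/saml/sp/acs?tgname=a HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE, {"Corp-VPN"}, {"idp.example.com"}):
        print(f["line"], f["src"], f["time"], "; ".join(f["reasons"]))
```

Replace the tunnel-group and IdP sets with the values configured on the appliance before running it over real logs.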