Cisco flaw under attack after researchers publish exploit PoC

News
By published

Hackers are launching XSS attacks against unpatched Cisco ASA systems

The Cisco logo as fixed onto a device
(Image credit: Shutterstock)

Hackers are targeting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after security researchers published a proof-of-concept (PoC) for a successful exploit.

What is cross-site scripting (XSS)? What is ethical hacking? White hat hackers explained Weekly threat roundup: DuckDuckGo, Chrome, Cisco

Positive Technologies SWARM, the security company’s offensive research team, published an exploit PoC for the flaw tracked as CVE-2020-3580 last week. This was originally patched in October 2020 alongside CVE-2020-3581 through to CVE-2020-3583.

This issue, which is considered to be moderately severe, concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.

On unpatched systems, Cisco ASA/FTD software web services don’t sufficiently validate user-supplied inputs. To exploit the bug successfully, hackers would need to convince a user on the interface to click on a malicious link. The vulnerability is rated 6.1 out of ten on the CVSS threat severity scale.

Exploitation could allow an attacker to remotely conduct cross-site scripting (XSS) attacks on affected devices that haven’t been patched. Cisco ASA Software is the core operating system that powers the Cisco ASA family, comprising devices that offer firewall tools among other security-oriented services.

Since the PoC was posted online, Positive Technologies researcher Mikhail Klyuchnikov reported that many other researchers are also chasing bug bounties for this vulnerability. Tenable researchers have also reported that attacks are exploiting CVE-2020-3580.

RELATED RESOURCE

The secure cloud configuration imperative

The central role of cloud security posture management

FREE DOWNLOAD

Cisco issued a patch for this flaw in October 2020, but the fix for CVE-2020-3581 was only partial, and the company had to issue a second patch in April this year. As of last July, there were 85,000 ASA/FTD devices distributed across the business landscape.

Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It offers firewall tools for various ASA devices, with ASA Software also integrating with other critical security technologies to deliver security-oriented products.

Businesses are being advised to patch their systems with the latest update to avoid falling victim to successful attacks.

Keumars Afifi-Sabet
Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.

Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.

Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle

UK cloud infrastructure set for boost amid $5 billion Oracle investment
A CGI render of a warning symbol representing malware, sitting on an abstract computer surface. Decorative: the warning sign is glowing red and there is blue and yellow diffused light throughout.

What is an APT and how are they tracked?
See more latest
Most Popular
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.
Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle
UK cloud infrastructure set for boost amid $5 billion Oracle investment
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.
Cisco unveils new agentic AI tools to improve customer and employee experience
Thomas Kurian, CEO at Google Cloud, sat next to Demis Hassabis, CEO at Google DeepMind, Mark Read, CEO at WPP, and Allison Kirkby, CEO at BT Group, at the Gemini for the United Kingdom live event held at the Google DeepMind HQ in London.
Google Cloud announces UK data residency for agentic AI services
A hand on a keyboard in a dark room
Alleged LockBit developer extradited to the US
Github logo on a laptop computer arranged in the Brooklyn borough of New York, US, on Friday, March 31, 2023
Organizations urged to act fast after GitHub Action supply chain attack
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks