Hackers target Cisco ASA devices after a PoC exploit code was published online

Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability.

Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published a PoC exploit code on Twitter for the CVE-2020-3580 XSS vulnerability.

Tenable experts published an alert about the availability of the PoC exploit for the XSS, they said that after Positive Technologies published it, other researchers are chasing bug bounties for this issue. Tenable also warned of attacks in the wild exploiting the CVE-2020-3580 flaw.

“Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.” reads the alert published by Tenable. alert. “With this new information, Tenable recommends that organizations prioritize patching CVE-2020-3580.”

Tenable researchers explained that successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive information.

Researchers pointed out that in a real attack scenario, successful exploitation of this vulnerability requires an attacker to trick an administrative user to login and navigate to the webpage where he implanted the malicious code.

“To exploit any of these vulnerabilities, an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.” continues Tenable.

Organizations have to install security updates that address the flaw to prevent attacks exploiting the issue.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco ASA)

[adrotate banner=”5″]

[adrotate banner=”13″]