Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published a PoC exploit code on Twitter for the CVE-2020-3580 XSS vulnerability.
Tenable experts published an alert about the availability of the PoC exploit for the XSS, they said that after Positive Technologies published it, other researchers are chasing bug bounties for this issue. Tenable also warned of attacks in the wild exploiting the CVE-2020-3580 flaw.
“Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.” reads the alert published by Tenable. alert. “With this new information, Tenable recommends that organizations prioritize patching CVE-2020-3580.”
Tenable researchers explained that successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive information.
Researchers pointed out that in a real attack scenario, successful exploitation of this vulnerability requires an attacker to trick an administrative user to login and navigate to the webpage where he implanted the malicious code.
“To exploit any of these vulnerabilities, an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.” continues Tenable.
Organizations have to install security updates that address the flaw to prevent attacks exploiting the issue.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Cisco ASA)
[adrotate banner=”5″]
[adrotate banner=”13″]
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
This website uses cookies.