Cisco ASA vulnerability actively exploited after POC exploit released online

Hackers are actively scanning for and exploiting a vulnerability in Cisco ASA devices.

 

This Cisco ASA vulnerability is a cross-site scripting (XSS) vulnerability that has been tracked as CVE-2020-3580.

 

On June 24, researchers from cybersecurity firm Positive Technologies published a proof-of-concept, prompting reports that attackers are pursuing an exploit for the bug.

 

Positive Technologies Offensive Team researchers shared a proof-of-concept exploit for the Cisco ASA CVE-2020-3580 vulnerability on Twitter.

 

Cisco first revealed the vulnerability and released a patch in October 2020.

 

 

 Attack, Cisco, Exploit, PoC, Vulnerability, Security, InfoSec, Computer Security, antivirus, backdoor, Computer Security, Computer Security news, computers, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, cyberattack, Cyberattack news, cyberattacks, cybercrime, cybercriminals, cybersafe news, cybersecurity, cybersecurity news now, cybersecurity news today, dark web, data breach, Data leak, data stealing malware, DDoS, Distributed Denial of Service, DuckDuckGo, Email, email security, exploit, Google, hacker news, Hacks, Infected Installer, Info Stealer, information security, Information Stealer, InfoSec, infosec news, Kelihos botnet, latest cybernews today, latest cybersecurity news today, linux, Mac, Malicious email campaign, Malvertising, Malware, malware app, malware removal, mining bots, Mobile Security, network security, Nuclear, online security, personal data exposed, Phishing, Privacy, python bot, ransomware, ransomware attack, ransomware attacks 2021, ransomware gang, ransomware group, ransomware malware, ransomware news, RAT, RCE, recent ransomware attacks, Remote Access Trojan, Remote Code Execution, remote desktop app, remote desktop app virus, remote desktop malware, REvil, rootkit, search engine, Security, security flaw, smartphone, software vulnerability, Spam, spyware, Supply Chain, tech, tech news, tech support, tech updates, technical support, Technology, trojan, virus, virus removal, Vulnerabilities, Vulnerability, Web Security, Cisco ASA vulnerability

 

 

 

The initial patch for CVE-2020-3580, however, was incomplete, and a follow-up patch was released in April 2021.

 

This vulnerability allows an unauthenticated threat actor to send targeted phishing emails or malicious links to a Cisco ASA device user, enabling the user’s browser to execute JavaScript commands.

 

When a user visits a specially created malicious webpage, the published exploit will show a JavaScript alert in their browser.

 

However, other JavaScript commands could have been executed by the malicious webpage to perform malicious actions.

 

Tenable stated that threat actors are actively exploiting the vulnerability on affected devices shortly after the PoC was revealed, but did not specify what malicious activity was being carried out.

 

“Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild,” said Tenable.

 

As threat actors are actively exploiting the vulnerability, administrators must patch vulnerable Cisco ASA devices as soon as possible to prevent threat actors from abusing them.

 

Also read:

 

Crypto mining malware – Crackonosh mined Monero worth $2 million

Dell BIOSConnect code execution bugs affect millions of devices

New GoLang Trojan, ChaChi used in attacks against US schools

Tor Browser fixes vulnerability that tracks you using installed apps: Report

Cybercriminals could possibly exploit Samsung pre-installed apps for spying