A proof-of-concept exploit for a vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has been released by the Offensive Team at Positive Technologies.
The vulnerability is a cross-site scripting flaw tracked as CVE-2020-3580. It is one of four flaws patched by Cisco that stem from Cisco ASA and FTD software not sufficiently validating user-supplied input. The other three vulnerabilities are tracked as CVE-2020-3581, CVE-2020-3582, and CVE-2020-3583.
Since the PoC exploit was released, researchers at Tenable have identified threat actors actively scanning for the vulnerability and report that there have been cases where the vulnerability has been exploited.
Cisco announced the vulnerabilities in October 2020 and released a patch to correct the flaws, but that patch did not fully correct CVE-2020-3580. Cisco released a second patch in April 2021 that completely fixed the issue; however, despite having two months to apply the permanent fix, many Cisco ASA users have not yet applied the update and are vulnerable to attack.
Now that the PoC exploit is public and the vulnerability is being actively exploited, ASA users that have yet to apply the April 2021 patch are vulnerable to attack and should apply it immediately to prevent the flaw from being exploited.