Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability.
Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published a PoC exploit code on Twitter for the CVE-2020-3580 XSS vulnerability.
🎁PoC for XSS in Cisco ASA (CVE-2020-3580)
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
Host: ciscoASA.local
Content-Type: application/x-www-form-urlencoded
Content-Length: 44SAMLResponse="><svg/onload=alert('PTSwarm')> pic.twitter.com/c53MKSK9bg
— PT SWARM (@ptswarm) June 24, 2021
Tenable experts published an alert about the availability of the PoC exploit for the XSS, they said that after Positive Technologies published it, other researchers are chasing bug bounties for this issue. Tenable also warned of attacks in the wild exploiting the CVE-2020-3580 flaw.
“Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.” reads the alert published by Tenable. alert. “With this new information, Tenable recommends that organizations prioritize patching CVE-2020-3580.”
Tenable researchers explained that successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive information.
Researchers pointed out that in a real attack scenario, successful exploitation of this vulnerability requires an attacker to trick an administrative user to login and navigate to the webpage where he implanted the malicious code.
“To exploit any of these vulnerabilities, an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.” continues Tenable.
Organizations have to install security updates that address the flaw to prevent attacks exploiting the issue.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Cisco ASA)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability.
Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published a PoC exploit code on Twitter for the CVE-2020-3580 XSS vulnerability.
🎁PoC for XSS in Cisco ASA (CVE-2020-3580)
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
Host: ciscoASA.local
Content-Type: application/x-www-form-urlencoded
Content-Length: 44SAMLResponse="><svg/onload=alert('PTSwarm')> pic.twitter.com/c53MKSK9bg
— PT SWARM (@ptswarm) June 24, 2021
Tenable experts published an alert about the availability of the PoC exploit for the XSS, they said that after Positive Technologies published it, other researchers are chasing bug bounties for this issue. Tenable also warned of attacks in the wild exploiting the CVE-2020-3580 flaw.
“Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.” reads the alert published by Tenable. alert. “With this new information, Tenable recommends that organizations prioritize patching CVE-2020-3580.”
Tenable researchers explained that successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive information.
Researchers pointed out that in a real attack scenario, successful exploitation of this vulnerability requires an attacker to trick an administrative user to login and navigate to the webpage where he implanted the malicious code.
“To exploit any of these vulnerabilities, an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.” continues Tenable.
Organizations have to install security updates that address the flaw to prevent attacks exploiting the issue.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Cisco ASA)