Cisco security devices targeted with CVE-2020-3580 PoC exploit

This article has been indexed from Help Net Security

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) exploit code last Thursday via Twitter.

🎁PoC for XSS in Cisco ASA (CVE-2020-3580)

    POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
    Host: ciscoASA.local
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 44

    SAMLResponse="><svg/onload=alert('PTSwarm')>

pic.twitter.com/c53MKSK9bg
— PT SWARM (@ptswarm) June 24, 2021

About CVE-2020-3580

CVE-2020-3580 was patched by Cisco in October 2020, alongside three additional pre-authentication cross-site …
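For defenders, the request in the tweet has a simple tell: under the SAML HTTP POST binding a genuine SAMLResponse form value is base64-encoded XML, so raw markup in that field does not decode. The following detection sketch is an added example, not code from the article or from Cisco; the function names, the asa.example host and the sample requests are constructed for illustration, and it assumes raw requests are available from a proxy or WAF capture.

```python
import base64
import binascii
from urllib.parse import parse_qs, quote, urlsplit

ACS_PATH = "/+CSCOE+/saml/sp/acs"  # endpoint shown in the PoC request


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    return method, urlsplit(target).path, body.strip()


def saml_response_verdict(raw: str) -> str:
    """Return 'ignore', 'ok' or 'suspicious' for one captured request."""
    method, path, body = parse_request(raw)
    if method != "POST" or path != ACS_PATH:
        return "ignore"  # not the SAML assertion consumer endpoint
    values = parse_qs(body, keep_blank_values=True).get("SAMLResponse")
    if not values:
        return "suspicious"  # POST to the endpoint without the field
    try:
        decoded = base64.b64decode(values[0], validate=True)
    except (binascii.Error, ValueError):
        return "suspicious"  # raw markup such as "><svg ...> fails here
    # Assumption: a genuine value decodes to an XML document.
    return "ok" if decoded.lstrip().startswith(b"<") else "suspicious"


def build_request(body: str) -> str:
    """Build a constructed sample request for the checks below."""
    return (f"POST {ACS_PATH}?tgname=a HTTP/1.1\r\nHost: asa.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed samples: a well-formed value, the body from the tweet,
# and an unrelated request.
BENIGN = build_request("SAMLResponse=" + quote(
    base64.b64encode(b'<samlp:Response ID="_constructed"/>').decode()))
POC_SHAPED = build_request("SAMLResponse=\"><svg/onload=alert('PTSwarm')>")
OTHER = "GET /index.html HTTP/1.1\r\nHost: asa.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("poc", POC_SHAPED), ("other", OTHER)]:
        print(name, saml_response_verdict(req))
```

The check is a log-triage heuristic; it does not replace the fix Cisco released in October 2020.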
