RedSeal Cyber Threat Series
Researchers at Positive Technologies have created a proof-of-concept (PoC) exploit that leverages a 2020 Cisco ASA vulnerability. A Cisco administrator would have to click on a link that takes the unsuspecting user to a web page where the malware is downloaded and the Cisco ASA must not be patched. Cisco released a patch for a Medium Severity web services vulnerability that affects the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software CVE-2020-3580. This security flaw can allow an unauthenticated attacker to remotely conduct a cross site scripting (XSS) attack against a user of the web services interface.
Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible. A successful attack could allow the attacker to execute code or access sensitive browser information.
RedSeal customers should:
- Run a custom best practice check to receive a list of vulnerable devices
- Create and run daily reports until all affected systems are patched.
For additional details, contact your RedSeal sales representatives or email info@redseal.net
Cybersecurity Best Practices
- Keep your devices patched and up to date
- Ensure you are using TLS v1.2 or above; disable lower versions of TLS and HTTP
- Disable WebVPN or AnyConnect if not in use on your device
References
https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html
