Experts Warn of Attacks on a Cisco ASA Security Flaw due to a new Proof-of-Concept Exploit

RedSeal Cyber Threat Series

Researchers at Positive Technologies have created a proof-of-concept (PoC) exploit that leverages a 2020 Cisco ASA vulnerability. A Cisco administrator would have to click on a link that takes the unsuspecting user to a web page where the malware is downloaded and the Cisco ASA must not be patched. Cisco released a patch for a Medium Severity web services vulnerability that affects the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software CVE-2020-3580. This security flaw can allow an unauthenticated attacker to remotely conduct a cross site scripting (XSS) attack against a user of the web services interface.

Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible. A successful attack could allow the attacker to execute code or access sensitive browser information.

RedSeal customers should:

Run a custom best practice check to receive a list of vulnerable devices
Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

Cybersecurity Best Practices

Keep your devices patched and up to date
Ensure you are using TLS v1.2 or above; disable lower versions of TLS and HTTP
Disable WebVPN or AnyConnect if not in use on your device

References

https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html

https://nvd.nist.gov/vuln/detail/CVE-2020-3580

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe

Experts Warn of Attacks on a Cisco ASA Security Flaw due to a new Proof-of-Concept Exploit

Platform

Services

Government

Partners

Company

Resources