A group of hackers is scanning the Internet to find Cisco Adaptive Security Appliance (Cisco ASA) devices vulnerable to a flaw for which a proof of concept (PoC) exploit was leaked on Twitter. Tracked as CVE-2020-3580, this is a cross-site scripting (XSS) flaw reported and corrected in October 2020 whose patches proved insufficient to mitigate the risk of exploitation.
As many users may know, after companies or developers fix a security flaw and a time needed to update devices expires, researchers often publish proof of concept (PoC) exploits, in what is one of the most common practices in the cybersecurity community. In this case, experts from the security firm Positive Technologies published the PoC of this flaw on Twitter.
Since some cybercriminal groups are exploiting this flaw in real-world scenarios, it is necessary for administrators of vulnerable Cisco ASA deployments to install the fixes as soon as possible and thus mitigate the risks of exploitation. At the moment, the approximate number of implementations that could have been exposed to the flaw is unknown.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.