Researcher from Positive technologies has published a POC exploit code for a vulnerability on Cisco ASA(CVE-2020-3580) devices.
“Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.” Researcher said in his Tweet.
An alert was published by Tenable about the vulnerability “an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.”
As the researcher has released the POC code for the XSS vulnerability(CVE-2020-3580),it has gained a significant attention in the infosec community. Tenable has informed that cisco has not released any official updates for the POC published and the only solution to fix this issue is to prioritize the patching for the CVE-2020-3580
–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1