CVE-2020-3580

Description from NVD

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Information Acquisition Date: 2021-06-30T16:40Z
CVSS 2.0: 2.6 LOW
CVSS 3.x: 6.1 MEDIUM

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

NVD References

 20201021 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
     source:CISCO
     tags:Patch    Vendor Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information  Exploits or more Information
mitre  EXPLOIT DATABASE
NVD  0day.today
vulmon.com  github
CVE Details  Twitter
JVN ENG JPN
Reconshell

Software Tag: Cisco(1 tweets)



List of frequently cited URLs

URL  Num of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html  26
https://thehackernews.com/2021/06/cisco-asa-flaw-under-acti...  8
https://www.helpnetsecurity.com/2021/06/29/cve-2020-3580-ex...  8
https://noticiasseguridad.com/vulnerabilidades/codigo-de-ex...  4
https://twitter.com/ptswarm/status/1408050644460650502  3
http://mi6rogue.com/news  3
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/  3
https://tools.cisco.com/security/center/content/CiscoSecuri...  3
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept...  3
https://gist.githubusercontent.com/0x240x23elu/c99d44376ffd...  3

Information from Twitter

User  URL  Info Source  Date
AnonY0gi  https://youtu.be/SjKa2RVoHUE  Source AnonY0gi 1581297007649763328  2022/10/15
ipssignatures  https://twitter.com/AnonY0gi/status/1581297007649763328  Source ipssignatures 1581496657669427201  2022/10/16

GitHub Search Results: Up to 10
Name  URL
Hudi233/CVE-2020-3580  https://github.com/Hudi233/CVE-2020-3580

2022/10/25 Score : 1
Added Har-sia Database : 2020/10/22
Last Modified : 2022/10/25
Highest Scored Date : 2021/06/29
Highest Score : 49