CVE-2020-3580

Description from NVD

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Information Acquisition Date: 2021-06-30T16:40Z
CVSS 2.0: 2.6 LOW
CVSS 3.x: 6.1 MEDIUM

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

NVD References

20201021 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
    source: CISCO
    tags: Patch, Vendor Advisory

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information | Exploits or more Information
mitre | EXPLOIT DATABASE
NVD | 0day.today
vulmon.com | github
CVE Details | Twitter
JVN ENG JPN
Reconshell

Software Tag: Cisco(91 tweets) Linux(1 tweets) iOS(1 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html | 19
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/ | 9
https://thehackernews.com/2021/06/cisco-asa-flaw-under-acti... | 8
https://www.helpnetsecurity.com/2021/06/29/cve-2020-3580-ex... | 8
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept... | 4
https://noticiasseguridad.com/vulnerabilidades/codigo-de-ex... | 4
https://twitter.com/ptswarm/status/1408050644460650502 | 3
http://mi6rogue.com/news | 3
https://gist.githubusercontent.com/0x240x23elu/c99d44376ffd... | 3


GitHub Search Results: Up to 10
Name | URL
Hudi233/CVE-2020-3580 | https://github.com/Hudi233/CVE-2020-3580


2021/08/02 Score : 0
Added Har-sia Database : 2020/10/22
Last Modified : 2021/08/02
Highest Scored Date : 2021/06/29
Highest Score : 49