Cisco patches actively exploited ASA/FTD firewall vulnerability

mood · Jul 24, 2020

Cisco patches actively exploited ASA/FTD firewall vulnerability
July 24, 2020
https://securityaffairs.co/wordpress/106313/hacking/cisco-cve-2020-3452-flaw.html

Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products.

If successfully exploited, the security vulnerability tracked as CVE-2020-3452 may allow unauthenticated attackers to read sensitive files on unpatched systems through directory traversal attacks.
The impacted products are Cisco Adaptive Security Appliance (ASA) Software — the OS for standalone appliances, blades, and virtual appliance Cisco ASA devices used to protect data centers and corporate networks — and the Cisco Firepower Threat Defense (FTD) Software — a unified software providing next-gen firewall services.
Click to expand...

Successful exploitation could allow remote attackers to read arbitrary files on the targeted devices, stored within the web services file system that is only enabled when the impacted devices are configured with either AnyConnect or WebVPN features.

"The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs," Cisco said.
Active exploitation already started, only 10% patched
One day after Cisco published the CVE-2020-3452 security advisory, the company had to update it to include information on available public exploit code (a public proof-of-concept unauthenticated file read exploit and an NMAP script).
Click to expand...

"[O]nly 27 of the 398 detected in Fortune 500 companies appear to have been patched/rebooted," Rapid7 also found.
Click to expand...

mood · Jul 24, 2020

Cisco Releases Security Updates for ASA and FTD Software
July 23, 2020
https://us-cert.cisa.gov/ncas/curre...eleases-security-updates-asa-and-ftd-software

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.
Click to expand...

mood · Jun 27, 2021

Cisco ASA vulnerability actively exploited after exploit released
June 27, 2021
https://www.bleepingcomputer.com/ne...ty-actively-exploited-after-exploit-released/

Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter.

This Cisco ASA vulnerability is cross-site scripting (XSS) vulnerability that is tracked as CVE-2020-3580.
Cisco first disclosed the vulnerability and issued a fix in October 2020. However, the initial patch for CVE-2020-3580 was incomplete, and a further fix was released in April 2021.

"A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information," says Cisco's advisory.
Click to expand...

Soon after the PoC was released, Tenable reported that threat actors are actively exploiting the vulnerability on affected devices but did not disclose what malicious activity was being performed.

"Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild," said Tenable.
As threat actors are now actively exploiting the vulnerability, it is crucial for administrators to immediately patch vulnerable Cisco ASA devices so threat actors cannot exploit them.
Click to expand...

Tenable: CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October

Log in or Sign up

Cisco patches actively exploited ASA/FTD firewall vulnerability

mood Updates Team

mood Updates Team

mood Updates Team