13 matches found
U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580
Hello Team, During my research, I found multiple hosts to be vulnerable to Cisco ASA XSS CVE-2020-3580, This vulnerability targets the saml service within the VPN. It is triggered via a POST request to domain/+CSCOE+/saml/sp/acs?tgname=a References...
VulnCheck KEV: CVE-2020-3580
Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [██████]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...
U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███.mil]
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...
Cisco Adaptive Security Appliance Cross Site Scripting (CVE-2020-3580)
A cross site scripting vulnerability exists in Cisco Adaptive Security Appliance. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
MTN Group: Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580
The Cisco ASA Adaptive Security Appliance and Cisco Firepower Threat Defense FTD Software were found to contain vulnerabilities in their web services interface. These vulnerabilities could have allowed an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user ...
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
A security vulnerability in Cisco Adaptive Security Appliance ASA that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept PoC exploit code. The PoC was published by researchers from...
U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580
Hello Team, During my research, I found the following host to be vulnerable to CVE 2020-3580 which is POST BASED XSS. Vulnerable URL: https://████/+CSCOE+/saml/sp/acs?tgname=a Impact Attackers can steal cookies and even takeover accounts and perform different malicious activities. System Hosts ██...
U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580
Hello Team, During my research, I found the following host to be vulnerable to CVE 2020-3580 which is POST BASED XSS. Vulnerable URL: https://█████/+CSCOE+/saml/sp/acs?tgname=a Impact Attackers can steal cookies and even takeover accounts and perform different malicious activities. System Hosts █...
U.S. Dept Of Defense: ███████ - XSS - CVE-2020-3580
████ appears to be affected by the Cisco ASA XSS CVE-2020-3580, This vulnerablity is targets the saml service within the VPN. It is triggered via a POST request to /+CSCOE+/saml/sp/acs?tgname=a References...
Cisco Firepower Threat Defense Software Web Services Interface Multiple Vulnerabilities (cisco-sa-asaftd-xss-multiple-FCB3vPZe)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
CVE-2020-3580
Cisco ASA/FTD web services suffer XSS due to insufficient input validation in the web UI, allowing unauthenticated, remote attackers to induce script execution or access browser data via crafted links. Affected products include Cisco ASA and FTD with specific AnyConnect/WebVPN configurations. Imp...