Cisco ASA & Firepower Threat Defense Vulnerability Exploited
WHAT HAPPENED?
On June 24, 2021, a cybersecurity firm published a Proof of Concept (PoC) exploit on Cisco’s Adaptive Security Appliance, showing security weaknesses in the software. While PoC’s are intended for information sharing and not for harm, the published vulnerability is currently being exploited in-the-wild. In-the-wild attacks occur on computers or systems that are being used by ordinary users, not in a testing environment. Cisco has previously addressed the security vulnerability in its ASA in October 2020 and again in April 2021.
WHAT DOES THIS MEAN FOR ME?
Systems that appear to be impacted include the web services interface of Cisco ASA and Firepower Threat Defense. Specifically, this attack could allow bad actors to execute malicious code on an end-user’s browser, also known as cross-site scripting, or “XSS”.
The vulnerability is being tracked as CVE-2020-3580; all users of these products are highly encouraged to contact their IT Provider and update these vulnerabilities. Specific technical information can be found here.
If your firm uses these products, it should act now to prevent data compromise. Fairview Cyber can help your firm implement policies and procedures to monitor and address system and network vulnerabilities. Contact us today for more information about our services.