- “저작권 문제없이 누구나 사용 가능”··· 카카오모빌리티, ‘자율주행 AI 학습용 데이터셋’ 공개
- ‘오셀롯’ 칩으로 양자 컴퓨팅 상용화 5년 앞당기겠다는 AWS 주장에… 전문가들 “아직 갈 길 멀다”
- IBM, 하시코프 인수 절차 완료··· "멀티클라우드 지원 및 AI 자동화 강화"
- "2024년 국내 PC 출하량, 전년 대비 1.1% 감소한 474만 대" 한국IDC
- DirecTV's new no-contract 'Genre Packs' start at $35 - and you can try them for free
CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October
Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit.
Background
On October 21, 2021, Cisco released a security advisory and patches to address multiple cross-site scripting (XSS) vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software web services. In April, Cisco updated the advisory to account for an incomplete fix of CVE-2020-3581.
On June 24, Positive Technologies tweeted a proof-of-concept (PoC) exploit for CVE-2020-3580.
Shortly after, Mikhail Klyuchnikov, a researcher at Positive Technologies also tweeted that other researchers are chasing bug bounties for this vulnerability. Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild.
Analysis
All four vulnerabilities exist because Cisco ASA and FTD software web services do not sufficiently validate user-supplied inputs. To exploit any of these vulnerabilities, an attacker would need to convince “a user of the interface” to click on a specially crafted link. Successful exploitation would allow the attacker to execute arbitrary code within the interface and access sensitive, browser-based information.
These vulnerabilities affect only specific AnyConnect and WebVPN configurations:
| Cisco ASA Software Feature | Vulnerable Configuration |
|---|---|
| AnyConnect Internet Key Exchange Version 2 (IKEv2) Remote Access (with client services) | crypto ikev2 enable <interface_name> client-services port <port #> |
| AnyConnect SSL VPN |
|
| Clientless SSL VPN |
|
| Cisco FTD Software Feature | Vulnerable Configuration |
|---|---|
| AnyConnect Internet Key Exchange Version 2 (IKEv2) Remote Access (with client services) | crypto ikev2 enable <interface_name> client-services port <port #> |
| AnyConnect SSL VPN |
|
Proof of concept
As mentioned earlier, there is a public PoC published by Positive Technologies on Twitter, which has gained significant attention.
Vendor response
Cisco has not issued any additional information or updates since the PoC was published. We will monitor and update this blog post if that changes.
Solution
With this new information, Tenable recommends that organizations prioritize patching CVE-2020-3580.
Identifying affected systems
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Get more information
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 30-day trial of Tenable.io Vulnerability Management.
