The Cisco Adaptive Security Appliance Software vulnerability (CVE-2020-3580) is being actively exploited by threat actors after its PoC was released on Twitter. While Cisco released information on the vulnerability and patches back in October 2020, it was further fixed in April of 2021.
“A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information,” says Cisco’s advisory.
Cisco Adaptive Security Appliance Software
Update to the fixed versions of the Cisco ASA software from the vendor website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe