CVE-2020-3580
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
CVSS
—
No CVSS
EPSS
85.4%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Vulnerability
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
Yes
Summary description
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-3580