CVE-2020-3580

Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.

Required Action

Apply updates per vendor instructions.

Related Information

Vendor/Project:Cisco Systems, Inc.

Product:Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CWE:

CWE-79

Used in Ransomware:Known

Timeline

Date Added:03 Nov, 2021

Due Date:03 May, 2022

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-3580