According to a proof-of-concept (PoC) exploits released on Thursday by researchers of the Positive Technologies Offensive Team for the Cisco ASA CVE-2020-3580 vulnerability, hackers are now exploiting a vulnerability tracked as CVE-2020-3580 in Cisco ASA devices.
The vulnerability, which allows an unauthenticated threat actor to send targeted phishing emails or malicious links to a user of a Cisco ASA device to execute JavaScript commands in the user’s browser, was first disclosed and fixed by Cisco in October 2020.
While the original fix was deemed inadequate, a later fix was published in April 2021.
For more information, read the original story in Bleeping Computer.