XSS Vulnerability in Cisco Security Products Exploited in the Wild


Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after.

CVE-2020-3580 is one of several XSS vulnerabilities that Cisco patched in October 2020 in its ASA and FTD products. Some of these flaws were reported to the networking giant by Positive Technologies researchers.

Shortly after the PoC exploit was made public, one of those Positive Technologies researchers said the company’s offensive team had started “the hunt for low hanging CVE-2020-3580.”