
Cisco ASA/FTD (CVE-2020-3580) PoC published and now being exploited


Researchers at Positive Technologies have published proof of concept code for CVE-2020-3580.

On June 24th, @ptswarm tweeted the PoC, and Tenable has reported that threat actors are actively exploiting the vulnerability on affected devices.


Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.


The proof of concept code identifies a POST request and the vulnerable parameter 'SAMLResponse'.

POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
Host: ciscoASA.local 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 44  



By turning this request into a traffic file and a matching rule, we are able to detect cross-site scripting attempts against the vulnerable parameter.


Idappcom has created signature 8021478 along with a traffic file.
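
The matching idea described above, as a Python example added here (it is not Idappcom's signature 8021478 or the Positive Technologies PoC). It assumes a legitimate SAMLResponse is URL-encoded base64, so any value that is not well-formed base64 raises an alert; the function names and sample requests are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, unquote, urlsplit

ACS_PATH = "/+CSCOE+/saml/sp/acs"   # endpoint from the request shown above
PARAM = "SAMLResponse"              # vulnerable parameter named above
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def is_base64(value: str) -> bool:
    """True if value is well-formed base64 (the assumed legitimate encoding)."""
    # parse_qs turns a literal '+' into a space; undo that and drop line breaks.
    candidate = value.replace(" ", "+").replace("\r", "").replace("\n", "")
    if not B64_RE.fullmatch(candidate):
        return False
    try:
        base64.b64decode(candidate, validate=True)
    except binascii.Error:
        return False
    return True

def inspect_request(raw: bytes) -> str:
    """Classify one raw HTTP request as 'ignore', 'ok' or 'alert'."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(request_line) != 3 or request_line[0] != "POST":
        return "ignore"
    if unquote(urlsplit(request_line[1]).path) != ACS_PATH:
        return "ignore"
    values = parse_qs(body.decode("latin-1"), keep_blank_values=True).get(PARAM)
    if values is None:
        return "ignore"
    # Any copy of the parameter that is not base64 (markup, quotes, ...) alerts.
    return "ok" if all(is_base64(v) for v in values) else "alert"

def build_request(body: str, target: str = ACS_PATH + "?tgname=a") -> bytes:
    """Constructed sample request, modelled on the headers shown above."""
    return (f"POST {target} HTTP/1.1\r\nHost: ciscoASA.local\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples: a base64 SAML-like value and a value carrying raw markup.
BENIGN = build_request(PARAM + "=" + quote(
    base64.b64encode(b"<samlp:Response>constructed</samlp:Response>").decode(), safe=""))
SUSPICIOUS = build_request(PARAM + "=%22%3E%3Cconstructed-markup%3E")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, inspect_request(req))
```
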


Traffic IQ

If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues?

