CVE-2020-3580

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information. Vendor/Product: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.