A cross-scripting bug plaguing Cisco's Adaptive Security Appliance is being actively exploited ... threat actors to remotely inject arbitrary web script or HTML via an unspecified parameter.

The flaw could allow remote attackers to shut down ClamAV scanning and compromise critical security workflows.

Web security and security management appliances into the Cisco fold. The San Jose, Calif.-based networking vendor has dubbed the portfolio expansion "version 3.0" of its Self-Defending Network ...