CVE-2020-3452 - Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Project:Cisco
Product:Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Description
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-3452