WEB APPLICATION VULNERABILITIES Standard & Premium

Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.

Remediation

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability

Related Vulnerabilities

WordPress Plugin Really Easy Slider TimThumb Arbitrary File Upload (0.1)

MyBB Improper Input Validation Vulnerability (CVE-2016-9420)

WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)

Joomla! Core Directory Traversal (2.5.0 - 3.9.22)

WordPress Plugin Dean's FCKEditor with pwwang's code Arbitrary File Upload (1.0.0)

Severity

High

Classification

CVE-2020-3452 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal