CVE-2020-3452
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Vulnerability
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-3452