CVE-2020-3452
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Vulnerabilidad
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
No
Descripción resumida
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2020-3452