Cisco ASA VPN/FTD - Arbitrary File Read (CVE-2020-3452)
- CVSSv3 Score
- Vulnerability description
Cisco ASA VPN/FTD is affected by an Arbitrary File Read vulnerability in the /+CSCOT+/translation-table endpoint. The root cause is insufficient validation of input in HTTP requests, which allows directory traversal attacks.
- Risk description
A remote unauthenticated attacker could exploit this vulnerability to view sensitive information in files located on the web services file system.
- Exploit capabilities
Sniper can read arbitrary files from the target system and extract them as evidence.
Update the Cisco ASA server to a version higher than 9.14.1 or the FTD server to a version higher than 18.104.22.168.
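
A defender-side check for the traversal pattern described above, as an added example that is not part of the original advisory: it scans HTTP access logs for requests to the /+CSCOT+/translation-table endpoint whose query string contains ".." path segments after URL decoding. It assumes combined-format log lines from a proxy or WAF in front of the device; the sample lines and the parameter name "p" are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/+CSCOT+/translation-table"  # endpoint named in the advisory
# Assumption: combined-log-style lines containing "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)  # unquote() leaves a literal '+' untouched
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(request_target):
    """True if the target hits the endpoint with a '..' segment in its query."""
    path, _, query = request_target.partition("?")
    if fully_decode(path).lower() != ENDPOINT.lower():
        return False
    segments = re.split(r"[/\\&=]", fully_decode(query))
    return ".." in segments


def suspicious_lines(log_lines):
    """Return the log lines whose request matches the traversal pattern."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append(line)
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder parameter)
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2021:10:00:00 +0000] "GET /+CSCOT+/translation-table?p=../../example HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2021:10:00:02 +0000] "GET /%2bCSCOT%2b/translation-table?p=%252e%252e%2fexample HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2021:10:01:00 +0000] "GET /+CSCOT+/translation-table?p=example HTTP/1.1" 200 128',
    '203.0.113.5 - - [01/Jan/2021:10:02:00 +0000] "GET /index.html?p=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on an unpatched device is worth reviewing for what was returned; hits on a patched device indicate scanning.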
- Not available