
Cisco ASA VPN/FTD - Arbitrary File Read CVE-2020-3452

Severity
CVSSv3 Score: 7.5
Vulnerability description

Cisco ASA VPN/FTD is affected by an Arbitrary File Read vulnerability located on the /+CSCOT+/translation-table endpoint. The root cause is insufficient validation of input in HTTP requests, which allows directory traversal attacks.

Risk description

A remote, unauthenticated attacker could exploit this vulnerability to read sensitive information from files located in the web services file system.

Exploit capabilities

Sniper can read arbitrary files from the target system and extract them as evidence.

Recommendation

Update the Cisco ASA server to a version higher than 9.14.1 or the FTD server to a version higher than 6.6.0.1.
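
To check for attempts against the endpoint named in the vulnerability description, the following added example (not code from Pentest-Tools.com or Cisco) scans access-log lines for requests to /+CSCOT+/translation-table that carry a dot-dot segment, including percent-encoded and double-encoded forms. It assumes common-format logs from a proxy or WAF in front of the device; the log lines and the parameter name `p` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Endpoint named in the vulnerability description (compared in lower case).
ENDPOINT = "/+cscot+/translation-table"

# Request target inside a common/combined-format log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# A '..' segment in the path or at the start of / inside a parameter value.
DOTDOT_RE = re.compile(r"(^|[/=&?])\.\.(/|&|$)")

# Constructed sample lines; 'p' is a placeholder parameter, not the real one.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2020:10:00:01 +0000] "GET /+CSCOT+/translation-table?p=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Aug/2020:10:00:05 +0000] "GET /+CSCOT+/translation-table?p=../ HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Aug/2020:10:00:06 +0000] "GET /%2bCSCOT%2b/translation-table?p=%252e%252e%2f HTTP/1.1" 200 4096',
    '203.0.113.4 - - [01/Aug/2020:10:00:09 +0000] "GET /index.html?p=../ HTTP/1.1" 404 0',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)  # unquote() leaves a literal '+' untouched
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(target):
    """True if the request target names ENDPOINT and contains a '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    return ENDPOINT in decoded.lower() and DOTDOT_RE.search(decoded) is not None


def scan(lines):
    """Return (line_number, request_target) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only shows that a request was made; whether the device was vulnerable at the time depends on the software version it was running.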

Codename: Not available
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Jul 1, 2020
Detection added at
Software Type: VPN gateway
Vendor: Cisco
Product: ASA