CVE-2020-3452 Scanner
CVE-2020-3452 scanner - Path Traversal vulnerability in Cisco Adaptive Security Appliance (ASA) Software
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
30 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
Cisco Adaptive Security Appliance (ASA) Software is a security solution used to protect networks from various threats. This software is designed to provide secure remote access to corporate networks for employees, contractors, and partners. ASA Software provides advanced firewall features, intrusion prevention, VPN services, and other advanced security features. By using this software, businesses can ensure that their data is secure, and that their network is protected from malicious actors.
CVE-2020-3452 is a vulnerability detected in the Cisco Adaptive Security Appliance (ASA) Software that allows an attacker to conduct directory traversal attacks. This vulnerability exists due to the lack of input validation of URLs in HTTP requests processed by an affected device. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to the affected device. A successful exploitation of this vulnerability would allow an attacker to view arbitrary files stored within the web services file system on the targeted device.
When CVE-2020-3452 is exploited, the attacker can gain access to sensitive files, including web server files, which may contain confidential information. The vulnerability can also be used to obtain access to the WebVPN or AnyConnect features configured on the device. This could result in a compromise of sensitive data or unauthorized access to the network.
s4e.io provides advanced features to protect against vulnerabilities in digital assets. This platform provides information about the latest security threats and vulnerabilities affecting various software and hardware products. It also offers tools and services that help businesses protect their networks from malicious actors. By using this platform, users can stay informed about the latest threats and protect their digital assets. With s4e.io, businesses can take proactive measures to secure their network and data and keep their businesses running smoothly.
REFERENCES
- tools.cisco.com: 20200722 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
- http://packetstormsecurity.com/files/158646/Cisco-ASA-FTD-Remote-File-Disclosure.html
- http://packetstormsecurity.com/files/158647/Cisco-Adaptive-Security-Appliance-Software-9.11-Local-File-Inclusion.html
- http://packetstormsecurity.com/files/159523/Cisco-ASA-FTD-9.6.4.42-Path-Traversal.html
- http://packetstormsecurity.com/files/160497/Cisco-ASA-9.14.1.10-FTD-6.6.0.1-Path-Traversal.html
