Severity Rating: HIGH
Software Affected
• Cisco ASA Software or FTD Software.
Overview
A vulnerability has been reported in the web services interface of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software. It could allow an unauthenticated, remote
attacker to retrieve memory contents on an affected device, which could
lead to the disclosure of confidential information.
Description
A vulnerability exists in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software due to a buffer tracking issue when the software parses invalid
URLs that are requested from the web services interface, which could allow
an attacker to disclose confidential information. An attacker could
exploit this vulnerability by sending a crafted GET request to the web
services interface.
Successful exploitation of this vulnerability could allow the attacker to
retrieve memory contents, which could lead to the disclosure of
confidential information.
Solution
Apply appropriate updates as mentioned in:
- -sa-asaftd-info-disclose-9eJtycMB
Vendor Information
CISCO
- -sa-asaftd-info-disclose-9eJtycMB
References
CISCO
- -sa-asaftd-info-disclose-9eJtycMB
CVE Name
CVE-2020-3259
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks, and the patching required to mitigate any kind of cyber attack.