Severity Rating: HIGH
Software Affected
• Cisco ASA Software or FTD Software.
Overview
A vulnerability has been reported in the web services interface of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software which could allow an unauthenticated, remote
attacker to conduct directory traversal attacks and obtain read and delete
access to sensitive files on a targeted system.
Description
A vulnerability exists in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software due to a lack of proper input validation of the HTTP URL, which
could allow an attacker to access sensitive files on a targeted system. An
attacker could exploit this vulnerability by sending a crafted HTTP request
containing directory traversal character sequences, allowing the attacker
to view or delete arbitrary files on the targeted system. The file system
is enabled when the affected device is configured with either WebVPN or
AnyConnect features. When the device is reloaded after exploitation of this
vulnerability, any files that were deleted are restored.
Successful exploitation of this vulnerability could allow the attacker to
obtain read and delete access to sensitive files on a targeted system.
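One way to look for the request pattern described above in web access logs, as an added example that is not part of the original advisory or of Cisco's code. The common/combined log format, the addresses and the paths are constructed placeholders, and the three-round decode limit is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding


def normalized_path(target):
    """Return the URL path with nested percent-encoding and backslashes resolved."""
    path = urlsplit(target).path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(target):
    """True if any path segment, once decoded, is a parent-directory reference."""
    return any(seg == ".." for seg in normalized_path(target).split("/"))


def flag_requests(log_lines):
    """Return (line_number, method, target) for each request carrying traversal."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group("target")):
            hits.append((number, match.group("method"), match.group("target")))
    return hits


# Constructed sample log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2020:10:00:05 +0000] "GET /portal/../../placeholder.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2020:10:00:06 +0000] "GET /portal/%2e%2e/%2e%2e/placeholder.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2020:10:00:07 +0000] "GET /portal/%252e%252e%255cplaceholder.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2020:10:00:09 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, method, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {method} {target}")
```

The check compares whole path segments after decoding, so a file name that merely contains two dots (the last sample line) is not flagged.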
Solution
Apply appropriate updates as mentioned in:
- -sa-asaftd-path-JE3azWw43
Vendor Information
CISCO
- -sa-asaftd-path-JE3azWw43
References
CISCO
- -sa-asaftd-path-JE3azWw43
CVE Name
CVE-2020-3187
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.