Severity Rating: HIGH
Software Affected
•Cisco ASA Software or FTD Software.
Overview
Vulnerability has been reported in the web services interface of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software which could allow an unauthenticated, remote
attacker to retrieve memory contents on an affected device, which could
lead to the disclosure of confidential information.
Description
A Vulnerability exists in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software due to a buffer tracking issue when the software parses invalid
URLs that are requested from the web services interface that could allow
the attacker to disclose the confidential information. An attacker could
exploit this vulnerability by sending a crafted GET request to the web
services interface.
Successful exploitation of this vulnerability could allow the attacker to
retrieve memory contents, which could lead to the disclosure of
confidential information.
Solution
Apply appropriate updates as mentioned in:
- -sa-asaftd-info-disclose-9eJtycMB
Vendor Information
CISCO
- -sa-asaftd-info-disclose-9eJtycMB
References
CISCO
- -sa-asaftd-info-disclose-9eJtycMB
CVE Name
CVE-2020-3259