
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
2020-07-27 11:24

An unauthenticated file read vulnerability affecting Cisco Adaptive Security Appliance and Firepower Threat Defense software is being exploited by attackers in the wild.

There's a proof of concept doing the rounds for directory path traversal in Cisco AnyConnect SSL VPN. It's already being mass spammed across the internet.

CVE-2020-3452 affects the web services interface of Cisco ASA and Cisco FTD software and can be exploited by remote unauthenticated attackers to read sensitive files within the web services file system on the targeted device.

Here is a POC of CVE-2020-3452, an unauthenticated file read in Cisco ASA and Cisco Firepower.

"Since it is difficult to legally fingerprint Cisco ASA/FTD versions remotely, Rapid7 Labs revisited the 'uptime' technique described in a 2016 blog post for another Cisco ASA vulnerability, which shows that only about 10% of Cisco ASA/FTD devices have been rebooted since the release of the patch. This is a likely indicator they've been patched," noted Bob Rudis, Chief Data Scientist at Rapid7.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cGWozLFV2rE/

Related Vulnerability

DATE: 2020-07-22
CVE: CVE-2020-3452
VULNERABILITY TITLE: Path Traversal vulnerability in Cisco Adaptive Security Appliance Software
DESCRIPTION: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
RISK: network, low complexity, cisco, CWE-22, 7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749