Security News > 2020 > July > Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability affecting Cisco Adaptive Security Appliance and Firepower Threat Defense software is being exploited by attackers in the wild.
There's a proof of concept doing the rounds for directory path traversal in Cisco AnyConnect SSL VPN. It's already being mass spammed across internet.
CVE-2020-3452 affects the web services interface of Cisco ASA and Cisco FTD software and can be exploited by remote unauthenticated attackers to read sensitive files within the web services file system on the targeted device.
Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower.
"Since it is difficult to legally fingerprint Cisco ASA/FTD versions remotely, Rapid7 Labs revisited the 'uptime' technique described in a 2016 blog post for another Cisco ASA vulnerability, which shows that only about 10% of Cisco ASA/FTD devices have been rebooted since the release of the patch. This is a likely indicator they've been patched," noted Bob Rudis, Chief Data Scientist at Rapid7.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/cGWozLFV2rE/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-3452 | Path Traversal vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. | 7.5 |