Summary:
████████ is vulnerable to the read-only path traversal vulnerability in the Cisco ASA/FTD web services interface described at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
Description:
GET request parameters on the /+CSCOT+/translation-table and /+CSCOT+/oem-customization endpoints are not properly sanitized. A request that carries directory traversal sequences in these parameters (including URL-encoded forms such as %2e%2e%2f) is resolved against the web services file system, which allows reading files within that webroot that are not intended to be readable by an unauthenticated client.
According to Cisco:
The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device.
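As a detection aid for the behaviour described above, the following is an added example, not part of the original report or of any Cisco tooling: it scans HTTP access-log lines (a combined-log-like format, as exported from a reverse proxy or WAF in front of the device) for requests to the two affected endpoints whose URL contains a directory traversal sequence, after percent-decoding repeatedly so `%2e%2e%2f`, double-encoded `%252e` and backslash variants are all caught. The log lines, IP addresses and parameter names (`lang`, `name`) are constructed for illustration and are not taken from the advisory.

```python
"""Flag access-log entries that probe the Cisco ASA/FTD +CSCOT+ endpoints with a
directory traversal sequence.

Added example, not code from the original report or from Cisco. The sample log
below is constructed; the query parameter names it uses are illustrative only.
"""
import re
from urllib.parse import unquote

# Endpoints named in the advisory. They contain a literal '+', so clients may
# also send them as /%2bCSCOT%2b/... which is why we decode before comparing.
AFFECTED_ENDPOINTS = ("/+CSCOT+/translation-table", "/+CSCOT+/oem-customization")

# Combined-log style: client - - [timestamp] "METHOD URL PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)

# '..' that is not part of a longer run of dots/word chars and is followed by
# a separator, a parameter boundary or the end of the URL.
TRAVERSAL_RE = re.compile(r'(?<![.\w])\.\.(?=/|&|$)')

# Constructed sample: two crafted requests from one client, a benign lookup,
# an unrelated page, and a double-encoded probe that was rejected (404).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jul/2020:10:15:32 +0000] "GET /+CSCOT+/translation-table?lang=../../ HTTP/1.1" 200 4321
203.0.113.7 - - [22/Jul/2020:10:15:40 +0000] "GET /%2bCSCOT%2b/oem-customization?name=%2e%2e%5c%2e%2e%5cindex.html HTTP/1.1" 200 812
198.51.100.20 - - [22/Jul/2020:10:16:01 +0000] "GET /+CSCOT+/translation-table?lang=en HTTP/1.1" 200 4321
198.51.100.21 - - [22/Jul/2020:10:16:05 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 2048
203.0.113.9 - - [22/Jul/2020:10:17:12 +0000] "GET /+CSCOT+/translation-table?lang=%252e%252e%252f HTTP/1.1" 404 0
"""


def normalize_url(url, rounds=3):
    """Percent-decode until stable (bounded) and fold backslashes to '/'.

    unquote() leaves '+' alone, so the '+CSCOT+' path segments survive while
    %2b, %2e and %5c are turned back into '+', '.' and '\\'.
    """
    decoded = url
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def hits_affected_endpoint(decoded_url):
    """True if the (already decoded) path is one of the two affected endpoints."""
    path = decoded_url.split("?", 1)[0]
    return any(path.startswith(ep) for ep in AFFECTED_ENDPOINTS)


def scan_log(text):
    """Return one finding per log line that targets an affected endpoint with a
    traversal sequence anywhere in the decoded URL (path or query)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        decoded = normalize_url(m["url"])
        if not hits_affected_endpoint(decoded):
            continue
        if not TRAVERSAL_RE.search(decoded):
            continue
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "url": m["url"],
            "decoded": decoded,
            "status": int(m["status"]),
            # A 200 on a traversal probe suggests the device served the file.
            "likely_success": m["status"] == "200",
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "SUCCESS?" if f["likely_success"] else "attempt"
        print(f"{f['ts']} {f['ip']} {flag} {f['decoded']}")
```

Only the two advisory endpoints are matched on purpose; a traversal against some other path is a different finding and should be handled by a general rule. Treat a 200 response to a flagged request as a likely read, and a 404 or 403 as a probe that still warrants blocking the source.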
##In curl:
Affected features (the web services file system is only enabled when the device is configured with one of these):
AnyConnect SSL VPN - webvpn
Clientless SSL VPN - webvpn
Remediation:
Update the software to a fixed release listed in the Cisco advisory linked above in the Summary.
Impact:
An attacker can view arbitrary files within the web services file system on the targeted device that are meant to be internal or confidential. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. The traversal is read-only and confined to that web services file system: it does not reach ASA or FTD system files or the underlying operating system, but it does expose WebVPN content (such as translation and customization files) that was not meant to be readable by unauthenticated clients.
CVSS Score: Base 7.5
Vector: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N