Positive TechnologiesPT-2020-02PT-2020-02: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.973 High
EPSS
Percentile
99.9%
PT-2020-02: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD
Cisco ASA, Cisco FTD
Severity:
Severity level: High
Impact: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD
Access Vector: Remote
CVSS v3 Base Score: 9.1 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2020-3187
Vulnerability description:
A vulnerability in WebVPN allows an unauthorized, remote attacker to conduct a denial of service attack against Cisco ASA devices by deleting files on the system. Successful exploitation of this vulnerability may allow attackers to disable Cisco ASA VPN and read some VPN web interface files.
Advisory status:
04.10.2019 - Vendor gets vulnerability details 06.05.2020 - Vendor releases fixed version and details
Credits:
The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.973 High
EPSS
Percentile
99.9%