CVE-2020-3452 — Cisco ASA and FTD Read-Only Path Traversal Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Cisco |
| Product | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) |
| CWE | CWE-20 |
| CVE ID | CVE-2020-3452 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03