nuclei-templates/cves/2020/CVE-2020-3187.yaml

30 lines
1.0 KiB
YAML
Raw Normal View History

2021-01-02 04:56:15 +00:00
id: CVE-2020-3187
info:
name: CVE-2020-3187
author: KareemSe1im
2020-08-31 18:34:29 +00:00
severity: high
description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.
2021-03-16 15:18:54 +00:00
reference:
- https://twitter.com/aboul3la/status/1286809567989575685
- http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43
tags: cve,cve2020,cisco
requests:
- method: GET
path:
2020-07-25 06:57:30 +00:00
- "{{BaseURL}}/+CSCOE+/session_password.html"
2020-07-25 06:57:30 +00:00
matchers-condition: and
matchers:
- type: word
words:
2020-07-25 06:57:30 +00:00
- webvpn
2020-07-25 07:05:19 +00:00
- Webvpn
2020-07-25 06:57:30 +00:00
part: header
- type: status
status:
- 200