2021-01-02 04:56:15 +00:00
id : CVE-2020-3187
2020-07-25 01:53:21 +00:00
info :
name : CVE-2020-3187
author : KareemSe1im
2020-08-31 18:34:29 +00:00
severity : high
2021-02-05 19:44:41 +00:00
description : A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.
2021-03-16 15:18:54 +00:00
reference :
- https://twitter.com/aboul3la/status/1286809567989575685
- http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43
2021-02-05 19:44:41 +00:00
tags : cve,cve2020,cisco
2020-07-25 01:53:21 +00:00
requests :
- method : GET
path :
2020-07-25 06:57:30 +00:00
- "{{BaseURL}}/+CSCOE+/session_password.html"
2021-02-05 19:44:41 +00:00
2020-07-25 06:57:30 +00:00
matchers-condition : and
2020-07-25 01:53:21 +00:00
matchers :
- type : word
words :
2020-07-25 06:57:30 +00:00
- webvpn
2020-07-25 07:05:19 +00:00
- Webvpn
2020-07-25 06:57:30 +00:00
part : header
- type : status
status :
- 200