2021-01-02 04:56:15 +00:00
id : CVE-2020-3187
2020-07-25 01:53:21 +00:00
info :
2022-04-29 19:58:07 +00:00
name : Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
2020-07-25 01:53:21 +00:00
author : KareemSe1im
2021-09-10 11:26:40 +00:00
severity : critical
2022-04-29 19:58:07 +00:00
description : Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system.
2021-03-16 15:18:54 +00:00
reference :
- https://twitter.com/aboul3la/status/1286809567989575685
- http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43
2022-04-29 19:58:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-3187
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 9.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-3187
cwe-id : CWE-22
2022-04-22 10:38:41 +00:00
tags : cve,cve2020,cisco
2020-07-25 01:53:21 +00:00
requests :
- method : GET
path :
2020-07-25 06:57:30 +00:00
- "{{BaseURL}}/+CSCOE+/session_password.html"
2021-02-05 19:44:41 +00:00
2020-07-25 06:57:30 +00:00
matchers-condition : and
2020-07-25 01:53:21 +00:00
matchers :
- type : word
words :
2020-07-25 06:57:30 +00:00
- webvpn
2020-07-25 07:05:19 +00:00
- Webvpn
2020-07-25 06:57:30 +00:00
part : header
- type : status
status :
- 200
2022-04-29 19:58:07 +00:00
# Enhanced by mp on 2022/04/28