2021-01-02 04:56:15 +00:00
id : CVE-2020-3187
2020-07-25 01:53:21 +00:00
info :
2022-04-29 19:58:07 +00:00
name : Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
2020-07-25 01:53:21 +00:00
author : KareemSe1im
2021-09-10 11:26:40 +00:00
severity : critical
2022-04-29 19:58:07 +00:00
description : Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system.
2021-03-16 15:18:54 +00:00
reference :
- https://twitter.com/aboul3la/status/1286809567989575685
- http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43
2022-04-29 19:58:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-3187
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 9.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-3187
cwe-id : CWE-22
2023-07-11 19:49:27 +00:00
epss-score : 0.97406
cpe : cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : cisco
product : firepower_threat_defense
tags : cve,cve2020,cisco,packetstorm
2020-07-25 01:53:21 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-07-25 01:53:21 +00:00
- method : GET
path :
2020-07-25 06:57:30 +00:00
- "{{BaseURL}}/+CSCOE+/session_password.html"
2021-02-05 19:44:41 +00:00
2020-07-25 06:57:30 +00:00
matchers-condition : and
2020-07-25 01:53:21 +00:00
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : header
2020-07-25 01:53:21 +00:00
words :
2020-07-25 06:57:30 +00:00
- webvpn
2020-07-25 07:05:19 +00:00
- Webvpn
2020-07-25 06:57:30 +00:00
- type : status
status :
- 200