id: CVE-2020-3187 info: name: CVE-2020-3187 author: KareemSe1im severity: high description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. reference: https://twitter.com/aboul3la/status/1286809567989575685 tags: cve,cve2020,cisco requests: - method: GET path: - "{{BaseURL}}/+CSCOE+/session_password.html" matchers-condition: and matchers: - type: word words: - webvpn - Webvpn part: header - type: status status: - 200