CVE-2020-3452
Description
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
Severity: HIGH
CVE ID: CVE-2020-3452
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
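The advisory above attributes the flaw to missing validation of URLs in HTTP requests: traversal sequences reach the code that maps a request onto the web services file system. The script below is an added example (it is not code from this page, from Cisco, or from any of the PoC repositories listed further down) showing the check a WebVPN-style front end should have applied, run as detection logic over access-log lines. The log format, the document root `/webvpn/portal` and every path and query value in `SAMPLE_LOG` are constructed for the example and are not real ASA/FTD URLs; it decodes each request target until it stops changing (so double percent-encoding cannot hide `..`), lexically normalizes the path, and flags anything that escapes the document root or carries `..` segments in a query parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical document root of the web services file system (assumption for
# this example; the real layout of the ASA/FTD web root is not shown on the page).
WEB_ROOT = "/webvpn/portal"

# Constructed access-log lines in common log format with hypothetical paths.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jul/2020:10:00:01 +0000] "GET /webvpn/portal/index.html HTTP/1.1" 200 1732
203.0.113.7 - - [22/Jul/2020:10:00:02 +0000] "GET /webvpn/portal/css/../../../etc/secret.txt HTTP/1.1" 200 512
198.51.100.23 - - [22/Jul/2020:10:00:03 +0000] "GET /webvpn/portal/?lang=..%2f..%2f..%2fetc%2fsecret.txt HTTP/1.1" 200 512
198.51.100.23 - - [22/Jul/2020:10:00:04 +0000] "GET /webvpn/portal/?lang=%252e%252e%252f%252e%252e%252fetc%252fsecret.txt HTTP/1.1" 200 512
192.0.2.9 - - [22/Jul/2020:10:00:05 +0000] "GET /webvpn/portal/lang/en/strings.json HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." segment delimited by slashes (either direction) or string boundaries.
DOTDOT_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")


def full_decode(s: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable, so %252e%252e (double encoding) ends as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def normalize_path(path: str) -> str:
    """Lexically resolve '.', '..' and backslash separators into an absolute path."""
    parts = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
        else:
            parts.append(seg)
    return "/" + "/".join(parts)


def analyze_target(target: str, web_root: str = WEB_ROOT) -> list:
    """Return traversal findings for one request target; an empty list means clean."""
    findings = []
    decoded = full_decode(target)
    # A value that keeps changing after the first decode round was encoded
    # more than once, which legitimate clients do not do.
    if decoded != unquote(target):
        findings.append("multi-level percent encoding")
    parts = urlsplit(decoded)
    normalized = normalize_path(parts.path)
    if not (normalized == web_root or normalized.startswith(web_root + "/")):
        findings.append("path escapes web root")
    # Query values are just as dangerous when the server turns them into file
    # names; the same traversal check applies to each of them.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if DOTDOT_RE.search(value):
            findings.append(f"traversal in query parameter {name!r}")
    return findings


def scan_log(text: str) -> list:
    """Parse log lines and return (src, target, findings) for every flagged request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = analyze_target(m["target"])
        if findings:
            hits.append((m["src"], m["target"], findings))
    return hits


if __name__ == "__main__":
    for src, target, findings in scan_log(SAMPLE_LOG):
        print(f"{src} {target} -> {', '.join(findings)}")
```

The check is deliberately lexical: it decides on the decoded, normalized request alone and never touches the file system, so it cannot be tricked into opening the file it is supposed to refuse. It is a detection aid, not a vulnerability test; whether a given device is affected is determined by its software release against the Cisco advisory, and the exposure exists only when WebVPN or AnyConnect is configured, as the description states.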
Proof Of Concept
Nuclei Templates for CVE-2020-3452
Reference: Project Discovery GitHub
XDev05
Reference: GitHub
Loneyers
unauth file read in cisco asa & firepower.
Reference: GitHub
PR3R00T
CVE-2020-3452 Cisco ASA Scanner -unauth Path Traversal Check
Reference: GitHub
mr-r3b00t
Reference: GitHub
foulenzer
Little, stupid python validator(?) for CVE-2020-3452 on CISCO devices.
Reference: GitHub
Gh0st0ne
CVE-2020-3452 : Cisco ASA and FTD Unauthorized Remote File Reading Nmap NSE Script
Reference: GitHub
0x5ECF4ULT
CVE-2020-3452 exploit
Reference: GitHub
paran0id34
CVE-2020-3452 - directory traversal in Cisco ASA and Cisco Firepower Threat Defense
Reference: GitHub
murataydemir
[CVE-2020-3452] Cisco Adaptive Security Appliance (ASA) & Cisco Firepower Threat Defense (FTD) Web Service Read-Only Directory Traversal
Reference: GitHub
ludy-dev
(CVE-2020-3452) Cisco Adaptive Security Appliance Software - Local File Inclusion Vuln Test script
Reference: GitHub
3ndG4me
Just basic scanner abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of the CISCO ASA appliances.
Reference: GitHub
grim3
CVE-2020-3452
Reference: GitHub
cygenta
Reference: GitHub
darklotuskdb
CISCO CVE-2020-3452 Scanner & Exploiter
Reference: GitHub
fuzzlove
CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal
Reference: GitHub
faisalfs10x
simple bash script of CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability checker
Reference: GitHub
sujaygr8
Reference: GitHub
Aviksaikat
Test vulnerability of CVE-2020-3452
Reference: GitHub
Veids
Reference: GitHub
iveresk
Just proof of concept for Cisco CVE-2020-3452. Using external or internal file base.
Reference: GitHub
imhunterand
Exploitation Scanner CVE-2020-3452 to enumerate the standard files accessible in the Path Traversal of CISCO ASA/FTD .🔥
Reference: GitHub
Content on GitHub
MrCl0wnLab | watchers:18
checker-cve2020-3452
Cisco Adaptive Security Appliance and FTD Unauthorized Remote File Reading
Reference: GitHub
toy0756428 | watchers:0
CVE_2020_3452_Detect
Reference: GitHub