CVE-2020-3452

Description from NVD

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.

Information Acquisition Date: 2021-04-27T10:48Z
CVSS 2.0: 5.0 MEDIUM
CVSS 3.x: 7.5 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

NVD References

 20200722 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
     source:CISCO
     tags:Vendor Advisory    
 http://packetstormsecurity.com/files/158646/Cisco-ASA-FTD-Remote-File-Disclosure.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/158647/Cisco-Adaptive-Security-Appliance-Software-9.11-Local-File-Inclusion.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/159523/Cisco-ASA-FTD-9.6.4.42-Path-Traversal.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/160497/Cisco-ASA-9.14.1.10-FTD-6.6.0.1-Path-Traversal.html
     source:MISC
     tags:

This vulnerability may involve a PoC.


List of frequently cited URLs

| URL | Num of Times Referred to |
| --- | --- |
| http://vulmon.com/vulnerabilitydetails?qid=CVE | 2689 |
| https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 229 |
| https://reportcybercrime.com/ | 191 |
| https://cvetrends.com | 59 |
| https://lists.astaro.com/ASGV9-IPS-rules.html | 21 |
| https://twitter.com/ptswarm/status/1285974719821500423 | 7 |
| https://gbhackers.com/cve-2020-3452-flaw-in-cisco/ | 5 |
| http://go.newsfusion.com/security/item/1691273 | 5 |
| https://youtu.be/K6wYTsnCipY | 4 |
| https://github.com/1N3/Sn1per | 4 |
| https://raw.githubusercontent.com/RootUp/PersonalStuff/mast... | 4 |
| https://< | 3 |
| https://0day.today/exploit/description/35027 | 3 |
| https://isc.sans.edu/diary/26426 | 3 |
| https://blog.rapid7.com/2020/07/23/cve-2020-3452-cisco-asa-... | 3 |
| https://skynettools.com/cisco-cve-2020-3452-scanner-exploiter/ | 3 |
| https://tools.cisco.com/security/center/content/CiscoSecuri... | 3 |
| https://www.cvebase.com/cve/2020/3452 | 3 |
| https://www.tenable.com/blog/cve-2020-3452-cisco-adaptive-s... | 3 |
| https://securityaffairs.co/wordpress/106313/hacking/cisco-c... | 3 |
| https://www.helpnetsecurity.com/2020/07/27/cve-2020-3452-ex... | 3 |
| https://www.bleepingcomputer.com/news/security/cisco-patche... | 3 |
| https://ipssignatures.appspot.com/?cve=CVE-2020-3452 | 3 |

Information from Twitter

| User | URL | Info Source | Date |
| --- | --- | --- | --- |
| 0x2nac0nda | https://twitter.com/0x2nac0nda/status/1614756680503554048/p... | Source 0x2nac0nda 1614756680503554048 | 2023/01/16 |


GitHub Search Results: Up to 10
| Name | URL |
| --- | --- |
| darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter | https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter |
| 0x5ECF4ULT/CVE-2020-3452 | https://github.com/0x5ECF4ULT/CVE-2020-3452 |
| MrCl0wnLab/checker-cve2020-3452 | https://github.com/MrCl0wnLab/checker-cve2020-3452 |
| PR3R00T/CVE-2020-3452-Cisco-Scanner | https://github.com/PR3R00T/CVE-2020-3452-Cisco-Scanner |
| cygenta/CVE-2020-3452 | https://github.com/cygenta/CVE-2020-3452 |
| 3ndG4me/CVE-2020-3452-Exploit | https://github.com/3ndG4me/CVE-2020-3452-Exploit |
| murataydemir/CVE-2020-3452 | https://github.com/murataydemir/CVE-2020-3452 |
| mr-r3b00t/CVE-2020-3452 | https://github.com/mr-r3b00t/CVE-2020-3452 |
| Gh0st0ne/http-vuln-cve2020-3452.nse | https://github.com/Gh0st0ne/http-vuln-cve2020-3452.nse |
| grim3/CVE-2020-3452 | https://github.com/grim3/CVE-2020-3452 |


2023/03/01 Score : 0
Added Har-sia Database : 2020/07/23
Last Modified : 2023/03/01
Highest Scored Date : 2020/07/25
Highest Score : 55