THREAT OPS › CVEs › CVE-2020-3452
CVE-2020-3452 — Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Vulnerability details
- Affected productsAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
- KEV remediation due2022-05-03