THREATOPS
THREAT OPSCVEs › CVE-2020-3452

CVE-2020-3452 — Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CISA KEVExploited: confirmedCisco

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

Vulnerability details