Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-3187 — Path Traversal in Cisco Adaptive Security Appliance Software
Severity
9.1 CRITICAL (NVD)
EPSS
94.3%
top 0.05%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: May 6
Latest update: May 24
Description
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal c…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2
Affected Packages: 15 packages
🔴 Vulnerability Details (3)
GHSA: GHSA-5f48-6vm9-w28v: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software co (2022-05-24)
CVEList: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability (2020-05-06)
VulnCheck: Cisco firepower_threat_defense Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2020)
💥 Exploits & PoCs (3)
Exploit-DB
Nuclei: Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
Nuclei: Cisco ASA Security Checks
📋 Vendor Advisories (1)
Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability (2020-05-06)