Lucene search
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-ASAFTD-RO-PATH-KJUQHB86-ASA.NASLHistoryJul 24, 2020 - 12:00 a.m.
Cisco Adaptive Security Appliance Software Web Services Read-Only Path Traversal (cisco-sa-asaftd-ro-path-KJuQhB86)
2020-07-2400:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
48
A vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software. An unauthenticated, remote attacker can exploit this, by sending a crafted HTTP request containing directory traversal character sequences to an affected device, in order to read sensitive files on the targeted system.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the applicationโs self-reported version number.
#TRUSTED 73648cd677a9025849e056cae968dcc0ab7d02b3147a51d01e20b5bbc2542bb4725df7ff151fd25e155327b500b97e3698f8d2899edadd22b1293233bb1c8973222ce6902d9ddde6a8505ce4d453fd2f2121306aa025e764dac8ffc8bb2bdd8a6a294255ef7e82f7d379d7ef0e8f99fa62e8fe9ea51fc04edbea5ab4343c7c3789a605b6b03ddf79613a48f9afc03f706e28a899935e1a5ef9b6a0d544ae9ecafd4befdc8fd15f44075f2147a49c875529ddc73d4272e83563fad41eaab1e091821c2eff5c1124ee15475ef1dfb37542e1b27d778c3c6a04be1ecf7489039d49688afadc58fe1aad4eabb293ea350cbabcb11a24d95b05fe83de9cf10e7b908d08d2cc70792a67ee4d865061b02ebccd3a852a6d84e38fab31791a7dcc46caf8f5032ab1308c8eb2d1a208c583b9d4c3a2d2f334ac74c4ac050dcb1d060d2b62a8b3343042d9d0bddafbf5524deda19028761da6969acbf5011cd490b37b53864924e02d160136a14819b7cc2490f51e7b53152d5b6e5a84349d6157ec7695668790435620eb3ee2a300ca181758cd835db783c34e8956159d2775ea92fd64d4f22bdfd6a63c90dd024680b2c23a0179c969a7d67691442a3d47b7806306b0239a092c7c9975911d93eb18f8cc984f3886eb1effcd022b257d1c4f647bef322e3adef5418d451a3da2cacade91f3df2fe8d323422b8e0e4b2e3a4abce9246b00
#TRUST-RSA-SHA256 7d361fac0bf363d2bf0f400b461a9348202fa6972dabe7d95bf343fcce095098a627af55fdaca6aa4e48c7b7b0741abb732309adbcc70468a3be167481fd9120f45bc39f6834e587983078f5a1481b1b528dd695c9218c8a8639d9f0db4a9cf09e1369e677be67a69ea904d46062eae501751f6081d2bb6b1cc86996441fc5b4ecfcb0c6f2cff411ea9a2085aad906bff4abb19496f7a15c844427febf4d9bac4be6519d98774e8634f5acfaab0a2bd7365196a4a05a6baca703b538183779064b07c1620f7a4fde723fb4a16a1c994844642254644db49fa4c8be741b7657ad61e4e3877480ec7680a9d51a31b3b5da24ec0d7d54be8776f6c0580dec235fac665f69ea3f6d20cf61ebffe89b98e9af9da673c7fad7c76596bbbde3e4895ab5ea49f2e1ccbe5efed369c1964c22964c1cd545b06d010cb36e635ad37c298a8c73c15669e1769d94443deb9ccb5fbeb6953f9a79d546e6d2bb489b7288b3878b77a512230993fe45c3df762f75cb02256affd7e13a8117ce4c49c09190882a66349a6f929eeec1175e8679498408f56b11fd32bfbd52d01ea46e13db4f51eec7eaa9fa794b70ec4d7af6fa55015e174df16850f76b8d4a20501837c46e679680c0fd734e92651e6f1ca965b0446a6f8fbebb519f83f170ea649505c9d4ae358fb2d0dcf0e775d7bfbfd9442c9b1c71fb3f6c59f651f2cf721f78825400e0ba91
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138894);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2020-3452");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt03598");
script_xref(name:"CISCO-SA", value:"cisco-sa-asaftd-ro-path-KJuQhB86");
script_xref(name:"IAVA", value:"2020-A-0338-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_xref(name:"CEA-ID", value:"CEA-2020-0060");
script_name(english:"Cisco Adaptive Security Appliance Software Web Services Read-Only Path Traversal (cisco-sa-asaftd-ro-path-KJuQhB86)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"A vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software. An
unauthenticated, remote attacker can exploit this, by sending a crafted HTTP request containing directory traversal
character sequences to an affected device, in order to read sensitive files on the targeted system.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f081787");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt03598");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in the Cisco Security Advisory");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3452");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/22");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
script_require_keys("Host/Cisco/ASA");
exit(0);
}
include('ccf.inc');
include('cisco_workarounds.inc');
product_info = cisco::get_product_info(name:'Cisco Adaptive Security Appliance (ASA) Software');
vuln_ranges = [
{'min_ver' : '0.0', 'fix_ver' : '9.6.4.42'},
{'min_ver' : '9.7', 'fix_ver' : '9.8.4.20'},
{'min_ver' : '9.9', 'fix_ver' : '9.9.2.74'},
{'min_ver' : '9.10', 'fix_ver' : '9.10.1.42'},
{'min_ver' : '9.12', 'fix_ver' : '9.12.3.12'},
{'min_ver' : '9.13', 'fix_ver' : '9.13.1.10'},
{'min_ver' : '9.14', 'fix_ver' : '9.14.1.10'},
];
workarounds = make_list(CISCO_WORKAROUNDS['anyconnect_client_services'], CISCO_WORKAROUNDS['ssl_vpn']);
reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCvt03598',
'cmds' , make_list('show running_config')
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
reporting:reporting,
vuln_ranges:vuln_ranges
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | cpe:/a:cisco:adaptive_security_appliance_software |
Related
githubexploit
githubexploit
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-07-24 00:39:11
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-08-03 11:02:23
Exploit for Improper Input Validation in Cisco Adaptive Security Appliance
2020-09-28 05:00:37
checkpoint_advisories
checkpoint_advisories
Cisco Adaptive Security Appliance Directory Traversal (CVE-2020-3452)
2020-07-28 00:00:00
hackerone
hackerone
nessus
nessus
packetstorm
packetstorm
Cisco ASA / FTD 9.6.4.42 Path Traversal
2020-10-11 00:00:00
Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion
2020-07-29 00:00:00
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
2020-12-15 00:00:00
cisco
cisco
nuclei
nuclei
zdt
zdt
cve
cve
CVE-2020-3452
2020-07-22 20:15:00
cisa_kev
cisa_kev
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
2021-11-03 00:00:00
prion
prion
Directory traversal
2020-07-22 20:15:00
exploitdb
exploitdb
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
2020-07-28 00:00:00
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
2020-12-15 00:00:00
Cisco ASA and FTD 9.6.4.42 - Path Traversal
2020-10-12 00:00:00
attackerkb
attackerkb
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability
2020-07-22 00:00:00
thn
thn
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
2021-06-28 06:39:00
impervablog
impervablog
threatpost
threatpost
Cisco ASA Bug Now Actively Exploited as PoC Drops
2021-06-25 16:08:38
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
2020-07-27 16:23:16
Cisco Network Security Flaw Leaks Sensitive Data
2020-07-23 19:49:49
Related for CISCO-SA-ASAFTD-RO-PATH-KJUQHB86-ASA.NASL