Positive TechnologiesPT-2020-09PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.109 Low
EPSS
Percentile
95.0%
PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Сisco ASA and Cisco FTD
Severity:
Severity level: High
Impact: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Access Vector: Remote Base 7.5 CVE: CVE-2020-14622
Vulnerability description:
A vulnerability in Cisco ASA and Cisco FTD allows attackers to read some WebVPN-related files, which may contain sensitive information like WebVPN configuration data of Cisco ASA users, bookmarks, cookies, web content, and HTTP URLs.
Advisory status:
February 13, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date (<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86>)
Credits:
The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies
Related
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.109 Low
EPSS
Percentile
95.0%