PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD

HIGH
(7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

What are the security threats on your network?

Check your traffic-for free
Request pilot

Vulnerable product:

Сisco ASA and Cisco FTD

Severity:

Severity level: High
Impact: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Access Vector: Remote
Base 7.5
CVE: CVE-2020-14622

Vulnerability description:

A vulnerability in Cisco ASA and Cisco FTD allows attackers to read some WebVPN-related files, which may contain sensitive information like WebVPN configuration data of Cisco ASA users, bookmarks, cookies, web content, and HTTP URLs.

Advisory status:

February 13, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86)

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies

Identifier:
CVE-2020-14622
Vendor:
Cisco
Vulnerable product:
Cisco ASA, Cisco FTD

Get in touch

Fill in the form and our specialists
will contact you shortly