Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 3, 2022

High
CISA KEV

CVE-2020-3452

CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2020-3452

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Published
Nov 3, 2021
KEV Added
Nov 3, 2021
Due Date
May 3, 2022
Related Articles
0

Vendor

Cisco

Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)