CVE-2020-3452 Report - Details, Severity, & Advisories

Twingate Team

Mar 7, 2024

CVE-2020-3452 is a high-severity directory traversal vulnerability affecting Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. Various versions of Cisco ASA and FTD software are impacted by this vulnerability, making it a significant concern for organizations using these systems.

How do I know if I'm affected?

If you're using Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software, you might be affected by the vulnerability. The affected versions include Cisco ASA Software versions 9.6 up to 9.6.4.42, 9.8 up to 9.8.4.20, 9.9 up to 9.9.2.74, 9.10 up to 9.10.1.42, 9.12 up to 9.12.3.12, 9.13 up to 9.13.1.10, and 9.14 up to 9.14.1.10. For Cisco FTD, the affected versions include 6.2.3 up to 6.2.3.16, 6.3.0 up to 6.3.0.6, 6.4.0 up to 6.4.0.10, 6.5.0 up to 6.5.0.5, and 6.6.0 up to 6.6.0.1. Check your software version to see if you're at risk.
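The version check above can be automated across a device inventory. The following Python sketch is an added example, not code from Twingate or Cisco: it encodes only the ranges listed on this page, and the host names and version strings in `INVENTORY` are constructed. It assumes versions arrive either dotted (`9.8.4.20`) or in the parenthesised form ASA prints (`9.8(4)20`), and because the page does not say whether each "up to" bound is itself affected, a device sitting exactly on a bound is reported as `boundary` for manual confirmation against the Cisco advisory.

```python
import re

# Affected ranges exactly as listed on this page: release train -> upper bound.
AFFECTED = {
    "asa": {"9.6": "9.6.4.42", "9.8": "9.8.4.20", "9.9": "9.9.2.74",
            "9.10": "9.10.1.42", "9.12": "9.12.3.12", "9.13": "9.13.1.10",
            "9.14": "9.14.1.10"},
    "ftd": {"6.2.3": "6.2.3.16", "6.3.0": "6.3.0.6", "6.4.0": "6.4.0.10",
            "6.5.0": "6.5.0.5", "6.6.0": "6.6.0.1"},
}

def parse_version(text):
    """Turn '9.8(4)20', '9.8.4.20' or '6.4.0.9-62' into a tuple of ints."""
    token = text.strip().split()[0].split("-", 1)[0]  # drop build suffixes
    parts = [p for p in re.split(r"[.()]", token) if p]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version_text):
    """Return 'affected', 'boundary' or 'not-listed' for one device."""
    version = parse_version(version_text)
    for train, upper in AFFECTED[product.lower()].items():
        prefix, bound = parse_version(train), parse_version(upper)
        if version[:len(prefix)] != prefix:
            continue  # device is on a different release train
        # Pad short versions so that 9.8(4) compares as 9.8.4.0.
        padded = version + (0,) * (len(bound) - len(version))
        if padded < bound:
            return "affected"
        if padded == bound:
            return "boundary"  # page does not say if the bound is inclusive
        return "not-listed"
    return "not-listed"  # train is not in a range this page lists

# Constructed inventory: (host, product, version string as reported).
INVENTORY = [
    ("fw-edge-1", "asa", "9.8(4)15"),
    ("fw-edge-2", "asa", "9.8(4)20"),
    ("fw-dc-1", "asa", "9.14(1)30"),
    ("ftd-branch-1", "ftd", "6.4.0.9-62"),
    ("ftd-branch-2", "ftd", "6.6.0.1"),
]

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(product, ver) for host, product, ver in inventory}
```

A `not-listed` result means only that the version falls outside the ranges on this page; release trains the page does not mention still need to be checked against the Cisco advisory.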

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to take action to protect your system. First, check if your Cisco ASA or FTD software version is affected. If so, visit the Cisco Security Advisory page for information on available patches and updates. Apply the recommended patch or update to your system to mitigate the vulnerability and secure your network.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2020-3452 is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Cisco ASA and FTD Read-Only Path Traversal Vulnerability, was added on November 3, 2021, with a due date of May 3, 2022. To address this vulnerability, organizations are required to apply updates according to the vendor's instructions.

Weakness enumeration

This vulnerability is classified under CWE-22 (improper limitation of a pathname to a restricted directory) and CWE-20 (improper input validation), weaknesses that allow attackers to access sensitive files.

For more details

CVE-2020-3452 is a high-severity directory traversal vulnerability affecting Cisco ASA and FTD software. Our analysis draws on the NVD page and related sources. For more information about the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
