"Attackers Are Exploiting Cisco ASA/FTD Flaw in Search For Sensitive Data"
Researchers have discovered that an unauthenticated file read vulnerability (CVE-2020-3452) is now being exploited in the wild. The vulnerability affects the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. Devices are vulnerable only if they are running a vulnerable release of the software and are configured with WebVPN or AnyConnect features. The vulnerability can be exploited by remote unauthenticated attackers to read sensitive files within the targeted device's web services file system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit the vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device.
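A detection-side illustration of the flaw class described above, added here and not taken from the article or from Cisco: it scans web access-log lines for directory traversal segments in the request target, percent-decoding repeatedly so that encoded variants are also caught. The log format, paths and addresses are constructed samples and assumptions, not real ASA/FTD log output.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (assumed combined-log-style format; not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Aug/2020:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Aug/2020:10:00:02 +0000] "GET /portal/res?name=../../sample.cfg HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Aug/2020:10:00:03 +0000] "GET /portal/res?name=%2e%2e%2f%2e%2e%2fsample HTTP/1.1" 200 100',
    '203.0.113.5 - - [01/Aug/2020:10:00:04 +0000] "GET /portal/%252e%252e/%252e%252e/sample HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Aug/2020:10:00:05 +0000] "GET /portal/file..name.txt HTTP/1.1" 200 10',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." path segment: bounded by a separator (or string edge) on both sides,
# so names that merely contain two dots ("file..name.txt") do not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly to catch double-encoded sequences."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(target)))


def find_suspicious(lines):
    """Return (source, raw_target, status) for requests with traversal segments."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for src, target, status in find_suspicious(SAMPLE_LOG):
        # A 2xx response to a traversal request deserves review first.
        priority = "HIGH" if 200 <= status < 300 else "low"
        print(f"{priority:4} {src:15} {status} {target}")
```

Hits that received a 2xx status are the ones to triage first, since the device may have returned file contents.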