Skip to content
/ Cisco-ASA-FTD-Web-Services-Traversal Public

CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal

5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fuzzlove/Cisco-ASA-FTD-Web-Services-Traversal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
CVE-2020-3452.py
CVE-2020-3452.py
 
 
README.md
README.md
 
 
cisco_asa_file_list.txt
cisco_asa_file_list.txt
 
 

Repository files navigation

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability

CVE-2020-3452

Usage: CVE-2020-3452.py https://target

Vulnerability description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.

Sample output:

➜  Cisco-ASA-FTD-Web-Services-Traversal git:(main) ✗ python CVE-2020-3452.py https://target
+-------------------------------------------------------------+

- [ Cisco ASA / FTD Web Services Traversal Vulnerability ]

-       -[ CVE-2020-3452 - PoC by: LiquidSky ^_^ ]-

+-------------------------------------------------------------+
[*] Checking potential target : https://target
[+] https://target is vulnerable... 
[+] Grabbing logo.gif from the host.
[+] https://target is vulnerable... 
[+] Grabbing http_auth.html from the host.
[+] https://target is vulnerable...

About

CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal

Topics

exploit penetration-testing

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages