Vulnerability Watch

snarang
Product Team
5 years ago

Proof of Concept for Cisco Adaptive Security Appliance and Firepower Threat Defense Software Available (CVE-2020-3452)

This week, Cisco published an advisory for a serious vulnerability in its Adaptive Security Appliance and Firepower Threat Defense software. The vulnerability, identified as CVE-2020-3452, is a read-only path traversal flaw in devices that have configured WebVPN or AnyConnect. While the vulnerability only received a CVSSv3 score of 7.5, an unauthenticated, remote attacker could exploit the flaw to view sensitive information in files on the web services file system. 

One of the researchers credited with discovering the flaw, Ahmed Aboul-Ela, published a pair of proof-of-concept snippets on Twitter for this vulnerability.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
