{"id": "CVE-2020-3187", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2020-05-06T17:15:12.087", "references": [{"url": "http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43", "tags": ["Vendor Advisory"], "source": 
"ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system."}], 
"lastModified": "2023-08-16T16:17:07.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B2E5D3-ED34-4A7E-BD8F-8492B6737677", "versionEndExcluding": "6.2.3.16", "versionStartIncluding": "6.2.3"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2", "versionEndExcluding": "6.3.0.6", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849D6B53-B5CF-48F2-9883-CC153D38B9F7", "versionEndExcluding": "6.4.0.8", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2B6355D-CD58-4DDE-A9CC-2B957F95CDA1", "versionEndExcluding": "6.5.0.4", "versionStartIncluding": "6.5.0"}], "operator": "OR"}]}, {"nodes": 
[{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "949BB1DD-BA47-4162-BF65-0A2947D5D555"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9731BEEE-9CC4-427C-A256-E4762BD95B3C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84EEF9DF-FB57-4B00-9980-7B13B2C40EC1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30BF96ED-74E2-470B-BA65-60CFDA50AE43"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63BCC677-5165-45BB-90B2-2CB75E733C6D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": 
"cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4FD7A91-123B-4A11-B7CD-178BA7E76CD9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307C13E2-1390-489A-9E77-C59B203E7150"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E964E103-2C82-498B-A6F7-069977309A99"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2824D7D-5870-47B0-A6E1-DF2CF19AC076"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": 
"cpe:2.3:o:cisco:asa_5555-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8454F9C4-FF6A-4AA0-9902-5E165B5994DC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA1E3BB-DEDA-4074-8B36-9181525D82ED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.6\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "223E0232-B901-431C-BDEC-738DF4B74DA3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF907DBB-5201-49EC-92C5-3BD3752BDECC", "versionEndExcluding": "9.6.4.40", "versionStartIncluding": "9.6"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00F098B2-8740-4F24-AB9A-C56462464C67", "versionEndExcluding": "9.8.4.15", "versionStartIncluding": "9.8"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE81D32-51D0-41F7-B06B-0750DCB1F589", "versionEndExcluding": "9.9.2.66", "versionStartIncluding": "9.9"}, {"criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FFDB02-2944-4B31-BBC0-30E60BA9F9D1", "versionEndExcluding": "9.10.1.37", "versionStartIncluding": "9.10"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BDBCE56-8434-43B5-A172-5A63536D9E9F", "versionEndExcluding": "9.12.3.2", "versionStartIncluding": "9.12"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE14B138-4EED-43E1-A8F1-0D16F4A761C0", "versionEndExcluding": "9.13.1.7", "versionStartIncluding": "9.13"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}
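Added example (Python; not part of the NVD record or of Cisco's advisory). The record's "configurations" block encodes the affected releases as half-open ranges (versionStartIncluding inclusive, versionEndExcluding exclusive), and the description attributes the bug to missing validation of directory-traversal sequences in the HTTP URL (CWE-22). The block below does two things a practitioner wants after reading the entry: it turns those ranges into a version check that also accepts Cisco's parenthesised release notation (the record itself carries one CPE spelled 9.6\(4\)), and it runs a traversal detector over an access log. The AFFECTED table is transcribed from the record; the product keys, the /portal/ paths, the IP addresses and the log lines are constructed for illustration, and the real WebVPN/AnyConnect endpoint is not named in the record and is not guessed here.

```python
import re
from urllib.parse import unquote

# Affected ranges transcribed from this record's "configurations" block:
# product -> [(versionStartIncluding, versionEndExcluding), ...]
AFFECTED = {
    "adaptive_security_appliance_software": [
        ("9.6", "9.6.4.40"), ("9.8", "9.8.4.15"), ("9.9", "9.9.2.66"),
        ("9.10", "9.10.1.37"), ("9.12", "9.12.3.2"), ("9.13", "9.13.1.7"),
    ],
    "firepower_threat_defense": [
        ("6.2.3", "6.2.3.16"), ("6.3.0", "6.3.0.6"),
        ("6.4.0", "6.4.0.8"), ("6.5.0", "6.5.0.4"),
    ],
}


def parse_version(text):
    """'9.6(4)40' (as 'show version' prints it), '9.6.4.40' (NVD's dotted
    form) and the CPE spelling 9.6\\(4\\) all become one comparable tuple."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def classify(product, version):
    """'affected'   : version lies inside a listed [start, end) range
       'fixed'      : same release train, at or after the fixed release
       'not listed' : the record encodes no range for that train at all
                      (e.g. the 9.7 train named in the Packet Storm title)"""
    v = parse_version(version)
    for start, end in AFFECTED.get(product, []):
        s = parse_version(start)
        if v[:len(s)] == s:            # same release train as this range
            return "affected" if v < parse_version(end) else "fixed"
    return "not listed"


def decode_path(raw, rounds=3):
    """Percent-decode repeatedly (bounded) so that %2e%2e and the
    double-encoded %252e%252e are both seen as '..'."""
    cur = raw
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


# A '..' standing alone as a path segment, with '/' or '\' as separator.
# 'notes..txt' is not a traversal; '/../' and '/..' at end of path are.
TRAVERSAL_SEGMENT = re.compile(r"(^|[/\\])\.\.(?=[/\\]|$)")


def has_traversal(raw_path):
    """True when the decoded request path contains a '..' segment."""
    path = decode_path(raw_path.split("?", 1)[0])
    return TRAVERSAL_SEGMENT.search(path) is not None


# Minimal common-log-format parser: client, method, raw path.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')


def suspicious_requests(log_text):
    """Return (client, method, raw_path) for every line whose path traverses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and has_traversal(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


# Constructed sample log; /portal/... is a placeholder, not the affected path.
SAMPLE_LOG = """\
203.0.113.5 - - [06/May/2020:17:20:01 +0000] "GET /portal/index.html HTTP/1.1" 200 4521
203.0.113.5 - - [06/May/2020:17:20:02 +0000] "GET /portal/files/..%2f..%2fsessions.txt HTTP/1.1" 200 912
198.51.100.9 - - [06/May/2020:17:21:10 +0000] "GET /portal/files/%252e%252e/%252e%252e/logo.png HTTP/1.1" 404 0
198.51.100.9 - - [06/May/2020:17:21:11 +0000] "GET /portal/files/notes..txt HTTP/1.1" 200 77
"""

if __name__ == "__main__":
    print(classify("adaptive_security_appliance_software", "9.12(3)"))   # affected
    print(classify("adaptive_security_appliance_software", "9.12(3)2"))  # fixed
    print(classify("adaptive_security_appliance_software", "9.7(1)"))    # not listed
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Two caveats worth keeping in mind. A "not listed" verdict means only that this record encodes no range for that train, not that the train is safe; the Packet Storm reference in the record names a 9.7 build, so consult the vendor advisory for trains the CPE data omits. And the detector matches a `..` segment after bounded decoding rather than the literal string `../`, which is the same check a server-side validator for this weakness class needs: a filter that looks for `../` before decoding misses `%2e%2e%2f` and double-encoded forms, which is exactly the kind of input-validation gap the description attributes the vulnerability to.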