Cisco is urging organizations to implement its patch for a high severity directory traversal vulnerability that affected the web services interface of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewall products and which is being actively exploited in the wild.
The vulnerability, CVE-2020-3452, stems from the “lack of proper input validation of URLs in HTTP requests processed by an affected device,” Cisco said in an advisory. “An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device.”
If the exploit is successful, the attacker could view arbitrary files found within the web services file system on a device, the company said, urging affected organizations to update quickly since there are no workarounds for the flaw.
While the path traversal attack “only grants read-only access and hackers cannot delete files from the system, the attacker can view information such as WebVPN configuration, bookmarks, web cookies, partial web content and HTTP URLs,” said Nuspire security analyst Josh Smith.
“When hackers gain access to a WebVPN configuration, they could compromise a VPN connection and gain access to a network,” he said. “With an increase in VPN usage, it is possible if an administrator isn’t auditing logs they may miss suspicious connections.”
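Smith's point about auditing logs suggests one practical check. The following is an added example, not code from Cisco's advisory or from Nuspire: it scans web-access-log lines for the directory traversal character sequences the advisory describes, percent-decoding repeatedly so double-encoded `..` is caught, and flags any request whose path climbs above the web root or whose query values carry `..` segments. The log lines and URL paths are constructed samples, not real device paths.

```python
import re
from urllib.parse import parse_qsl, unquote
# Constructed access-log lines for illustration (not real device logs).
SAMPLE_LOG = """\
192.0.2.11 - - [22/Jul/2020:10:01:05 +0000] "GET /images/../../../etc/passwd HTTP/1.1" 200 1024
192.0.2.12 - - [22/Jul/2020:10:01:09 +0000] "GET /portal/%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 200 2048
192.0.2.13 - - [22/Jul/2020:10:01:12 +0000] "GET /css/%252e%252e/%252e%252e/secret HTTP/1.1" 200 64
192.0.2.14 - - [22/Jul/2020:10:01:15 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 300
192.0.2.15 - - [22/Jul/2020:10:01:18 +0000] "GET /translate?file=..%2f..%2fetc%2fhosts HTTP/1.1" 200 90
"""
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(s, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '..' (%252e%252e) is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def escapes_root(path):
    """True if the decoded path ever climbs above the web root (a benign 'a/../b' does not)."""
    depth = 0
    for seg in fully_decode(path).replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def has_traversal(target):
    """Check the request path and every query value for traversal sequences."""
    path, _, query = target.partition("?")
    if escapes_root(path):
        return True
    return any(".." in fully_decode(v).replace("\\", "/").split("/")
               for _, v in parse_qsl(query, keep_blank_values=True))

def scan_log(text):
    """Return (client_ip, request_target) for each log line that looks like a traversal attempt."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((line.split()[0], m.group("target")))
    return hits
```

Run `scan_log` over the access log of the web services interface; the benign `/docs/a/../b.html` line is not reported because it never leaves the web root.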
In May, Cisco patched CVE-2020-3187, a vulnerability in the web services interface of both products that could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files.
Patching the current vulnerability to block attacks designed to access sensitive information is “vital,” said Smith, particularly “as businesses weather the disruption caused by the coronavirus outbreak and continue to work remotely.”