Agentic Detection Engineering is here. Let’s talk at RSAC — Booth #350
Meet with us at RSAC
On-Demand Webinar

Unauthenticated Path Traversal - CVE-2020-3452

Threats + Use Case
April 20, 2021 12:00 AM
CST
Online
On-Demand Webinar

Unauthenticated Path Traversal - CVE-2020-3452

Detection Strategies

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software(CVE-2020-3452) could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.

References

Request Access to Use Case Repository

Categories

Initial Access

Exploit Public-Facing Application

Splunk

Get the Latest Resources

Leave Your Data Where You Want: Detect Across Snowflake

Demo Series
Leave Your Data Where You Want: Detect Across Snowflake
Watch

MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot

Demo Series
MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot
Watch
Build Detections You Want, Where You Want
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution Guides
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2025 Anvilogic. All Rights Reserved.
Agentic Detection Engineering is here. Let’s talk at RSAC — Booth #350
Meet with us at RSAC
White Paper

Unauthenticated Path Traversal - CVE-2020-3452

Threats + Use Case
Build Detections You Want, Where You Want
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution Guides
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2025 Anvilogic. All Rights Reserved.
Agentic Detection Engineering is here. Let’s talk at RSAC — Booth #350
Meet with us at RSAC
April 20, 2021

Unauthenticated Path Traversal - CVE-2020-3452

Threats + Use Case
No items found.

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software(CVE-2020-3452) could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.

References

Request Access to Use Case Repository

Categories

Initial Access

Exploit Public-Facing Application

Splunk

Resources

No items found.

Build Detection You Want,
Where You Want

Build Detection You Want,
Where You Want

Book a Demo