Positive Technologies expert Mikhail Klyuchnikov has uncovered a dangerous vulnerability in the Cisco ASA firewall¹. With it, an unauthenticated remote attacker could access files relating to the device's web interface, potentially causing disclosure of sensitive information. Cisco has published a software update and recommends installing it as soon as possible.
Klyuchnikov commented: "This vulnerability, known as CVE-2020-3452 and having a CVSSv3 score of 7.5, is highly dangerous. The cause is a failure to sufficiently verify inputs. An attacker can send a specially crafted HTTP request to gain access to the file system (RamFS), which stores data in RAM. Thus an attacker could read certain WebVPN files containing such information as the WebVPN configuration of Cisco ASA users, bookmarks, cookies, web content, and HTTP URL addresses."
To eliminate the vulnerability, update Cisco ASA to the most recent version.
Previously, Positive Technologies had discovered Cisco ASA vulnerability CVE-2020-3187 (score 9.1), exploitation of which could be used to disable the Cisco ASA VPN. A second vulnerability, CVE-2020-3259 (score 7.5), potentially enabled an attacker to read portions of the device memory, find a current token, and thereby access an organization's internal network.
- Cisco Adaptive Security Appliance is a series of hardware firewalls developed by Cisco Systems. Features include stateful firewalling, deep analysis of application-layer protocols, network address translation, IPsec VPN, and SSL VPN (connection via web interface or RIP, EIGRP, and OSPF dynamic routing protocols).