PT-2020-02: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD Cisco ASA, Cisco FTDSeverity:Severity level: High Impact: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD Access Vector: RemoteCVSS v3 Base Score: 9.1 HIGHVector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HCVE: CVE-2020-3187Vulnerability description:A vulnerability in WebVPN allows an unauthorized, remote attacker to conduct a denial of service attack against Cisco ASA devices by deleting files on the system. Successful exploitation of this vulnerability may allow attackers to disable Cisco ASA VPN and read some VPN web interface files.Advisory status:04.10.2019 - Vendor gets vulnerability details 06.05.2020 - Vendor releases fixed version and detailsCredits:The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies
