PT-2020-03: Information disclosure in Сisco ASA and Cisco FTD Cisco ASA, Cisco FTDSeverity:Severity level: High Impact: Information disclosure in Сisco ASA and Cisco FTD Access Vector: RemoteCVSS v3 Base Score: 7.5 HIGH Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:XCVE: CVE-2020-3259Vulnerability description:Successful exploitation of this vulnerability allows an unauthorized, remote attacker to read arbitrary heap memory of the device and obtain a valid session ID of a user connected to Cisco VPN. The attacker can use the obtained session ID to access the organization’s intranet. Cisco ASA memory may also contain other sensitive information, like usernames, email addresses, and certificates, which can be used to further compromise the system.Advisory status:21.02.2020 - Vendor gets vulnerability details 06.05.2020 - Vendor releases fixed version and detailsCredits:The vulnerability was discovered by Mikhail Klyuchnikov and Nikita Abramov, Positive Technologies