PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD

–°isco ASA and Cisco FTD

Severity:

Severity level: High
Impact: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Access Vector: Remote Base 7.5 CVE: CVE-2020-14622

Vulnerability description:

A vulnerability in Cisco ASA and Cisco FTD allows attackers to read some WebVPN-related files, which may contain sensitive information like WebVPN configuration data of Cisco ASA users, bookmarks, cookies, web content, and HTTP URLs.

Advisory status:

February 13, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86)

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies