Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452
Description
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software contain a read-only path traversal vulnerability in their web services interface. An unauthenticated remote attacker can exploit it by sending a crafted HTTP request whose URL contains directory traversal character sequences (such as ../ or its percent-encoded forms); the device fails to validate the URL properly, so the request escapes the intended directory and returns files from the web services file system. That file system is only enabled when WebVPN or AnyConnect is configured, and a device without those features is not exposed. The flaw is read-only and, according to Cisco, cannot be used to reach ASA or FTD system files or the underlying operating system, but the web services files it does expose can contain WebVPN configuration, bookmarks, web cookies and partial web content, which is still sensitive.
Remediation
Apply the fixed software provided by Cisco as soon as possible; Cisco has published no workaround for this vulnerability, so the measures below other than upgrading only reduce exposure and do not remove it. Follow these steps:
1. Identify all affected Cisco ASA and FTD devices in your environment
2. Review the Cisco Security Advisory (cisco-sa-asaftd-ro-path-KJuQhB86) to determine which software versions address this vulnerability
3. Download the appropriate patched software version from Cisco's official support portal
4. Schedule maintenance windows and apply updates to all affected devices following Cisco's upgrade procedures
5. Verify successful patching by checking the running software version after the upgrade (for example with show version on ASA) against the fixed releases listed in the advisory, and confirm the device actually rebooted into the new image
6. As an interim measure until patching is complete, restrict who can reach the web services interface with control-plane access control lists (ACLs) limited to trusted source addresses; note that on an Internet-facing remote-access VPN headend this is often impractical, which is why patching remains the priority
7. Monitor logs for requests to the web services interface that contain directory traversal sequences (../, ..\ and their single- or double-percent-encoded forms, in the path or in query parameters), since public proof-of-concept code exists for this flaw; treat any such request that received a successful (HTTP 200) response as a likely disclosure of web services data and investigate it