In July, Cisco released an advisory and fixed a high severity read-only path traversal vulnerability affecting the web services interface in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. Later, it was found that some hackers had already started exploiting the vulnerability in the wild.
Instances of active exploitation
- The vulnerability, which affects Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration, is already being exploited in the wild by some attackers.
- The vulnerability (CVE-2020-3452), with a CVSS score of 7.5 out of 10, exists due to a lack of proper input validation of URLs in HTTP requests processed by affected devices.
- Attackers have started actively targeting vulnerable versions of the Cisco ASA/FTD products, where the patches have not yet been applied.
- Rapid7 Labs found that since the patch was issued, only about 10% of the total 85,000 internet-accessible Cisco ASA/FTD devices, and only 27 of the 398 detected in Fortune 500 companies appeared to have been patched or rebooted.
Swimming on the endless potential threat surface
The vulnerability is fatal as successful exploitation can allow an attacker to access highly sensitive data.
- Unauthenticated attackers can view arbitrary files within the web services file system on the targeted device.
- A potential attacker can gain access to sensitive files or information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs within the web services file system.
Recent ASA/FTD vulnerabilities
Cisco has been releasing patches for recently found vulnerabilities identified in its ASA and FTD software.
- In May 2020, Cisco released 12 vulnerabilities in ASA and FTD software. The vulnerabilities were ranked high and tracked as CVE-2020-3191, CVE-2020-3298, CVE-2020-3254, CVE-2020-3195, and CVE-2020-3125, among others.
- In October 2019, Cisco issued fixes for 18 vulnerabilities (CVE-2019-12673, CVE-2019-12677, CVE-2019-12678, and others) in the firmware for ASA, FTD, and Firepower Management Center (FMC) products.
The Bottom Line
Customers are advised to patch their systems at the earliest to prevent becoming victims to exploits regarding these vulnerabilities.