Details of VAR-202005-0685

ID

VAR-202005-0685

CVE

CVE-2020-3187

TITLE

Cisco Adaptive Security Appliance software and Cisco Firepower Threat Defense Path traversal vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005187

DESCRIPTION

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. The platform provides features such as highly secure access to data and network resources

Trust: 1.8

sources: NVD: CVE-2020-3187 // JVNDB: JVNDB-2020-005187 // VULHUB: VHN-181312 // VULMON: CVE-2020-3187

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.66	Trust: 1.0
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.37	Trust: 1.0
vendor:	cisco	model:	asa 5550	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.3.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.5.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.3.16	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	asa 5520	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8	Trust: 1.0
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	asa 5510	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.15	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.6	Trust: 1.0
vendor:	cisco	model:	asa 5540	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	9.6\(4\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.40	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5510	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5512-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5515-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5520	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5525-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5540	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5545-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5550	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-005187 // NVD: CVE-2020-3187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3187
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3187
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-005187
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202005-206
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-181312
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3187
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3187
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005187
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181312
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3187
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3187
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-005187
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181312 // VULMON: CVE-2020-3187 // JVNDB: JVNDB-2020-005187 // CNNVD: CNNVD-202005-206 // NVD: CVE-2020-3187 // NVD: CVE-2020-3187

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-181312 // JVNDB: JVNDB-2020-005187 // NVD: CVE-2020-3187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-206

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202005-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005187

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-181312

PATCH

title:	cisco-sa-asaftd-path-JE3azWw43	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43	Trust: 0.8
title:	Cisco Firepower Threat Defense and Adaptive Security Appliances Software Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117808	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asaftd-path-JE3azWw43	Trust: 0.1
title:	CVE-2020-3187	url:	https://github.com/T4t4ru/CVE-2020-3187	Trust: 0.1
title:	-	url:	https://github.com/sunyyer/CVE-2020-3187-Scanlist	Trust: 0.1
title:	CVE-2020-3187	url:	https://github.com/sujaygr8/CVE-2020-3187	Trust: 0.1
title:	nuclei-templates	url:	https://github.com/projectdiscovery/nuclei-templates	Trust: 0.1
title:	supplier	url:	https://github.com/r0eXpeR/supplier	Trust: 0.1

sources: VULMON: CVE-2020-3187 // JVNDB: JVNDB-2020-005187 // CNNVD: CNNVD-202005-206

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3187	Trust: 2.6
db:	PACKETSTORM	id:	158648	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-005187	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-206	Trust: 0.7
db:	EXPLOIT-DB	id:	48723	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1615.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1615	Trust: 0.6
db:	NSFOCUS	id:	47281	Trust: 0.6
db:	CNVD	id:	CNVD-2020-29598	Trust: 0.1
db:	VULHUB	id:	VHN-181312	Trust: 0.1
db:	VULMON	id:	CVE-2020-3187	Trust: 0.1

sources: VULHUB: VHN-181312 // VULMON: CVE-2020-3187 // JVNDB: JVNDB-2020-005187 // CNNVD: CNNVD-202005-206 // NVD: CVE-2020-3187

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-path-je3azww43	Trust: 1.7
url:	http://packetstormsecurity.com/files/158648/cisco-adaptive-security-appliance-software-9.7-arbitrary-file-deletion.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3187	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3187	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-asa-directory-traversal-32195	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47281	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/48723	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615.2/	Trust: 0.6

sources: VULHUB: VHN-181312 // JVNDB: JVNDB-2020-005187 // CNNVD: CNNVD-202005-206 // NVD: CVE-2020-3187

CREDITS

0xmmnbassel

Trust: 0.6

sources: CNNVD: CNNVD-202005-206

SOURCES

db:	VULHUB	id:	VHN-181312
db:	VULMON	id:	CVE-2020-3187
db:	JVNDB	id:	JVNDB-2020-005187
db:	CNNVD	id:	CNNVD-202005-206
db:	NVD	id:	CVE-2020-3187

LAST UPDATE DATE

2024-08-14T13:24:33.867000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181312	date:	2023-03-01T00:00:00
db:	VULMON	id:	CVE-2020-3187	date:	2023-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-005187	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-206	date:	2020-07-30T00:00:00
db:	NVD	id:	CVE-2020-3187	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181312	date:	2020-05-06T00:00:00
db:	VULMON	id:	CVE-2020-3187	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-005187	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-206	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-3187	date:	2020-05-06T17:15:12.087