Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The exploit is rather simple and currently used to find vulnerable systems by reading benign LUA source code files. Example attempts: GET /+CSCOE+/translation-table?=mst&textdomain=/%bCSCOE%2b/portalinc.lua@default-languaqe&lang=../ HTTP/1.1 GET /+CSCOE+/translation-table?=mst&textdomain=/+CSCOE+/portal_inc.lua@default-languaqe&lang=../ GET /translation-table?=mst&textdomain= Out honeypot isn't emulating this vulnerability well right now, so we are not seeing followup attacks. --- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute Twitter\| I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022	Johannes 4479 Posts ISC Handler Aug 4th 2020
Thread locked Subscribe	Aug 4th 2020 1 year ago