Multiple Vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Directory Traversal Attacks

MS-ISAC ADVISORY NUMBER:

2020-062

DATE(S) ISSUED:

05/07/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for directory traversal attacks. Cisco is a vendor for IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Cisco Adaptive Security Appliance versions prior to 9.14
  • Cisco Firepower Threat Defense versions prior to 6.6.0

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for directory traversal attacks. The most severe vulnerability can be exploited by sending a crafted HTTP request containing directory traversal character sequences. Details of the vulnerabilities are as follows:

  • CVE-2020-3187: Path traversal attack
  • CVE-2020-3125: insufficient identity verification of the Kerberos key distribution center leads to authentication bypass
  • CVE-2020-3259: buffer tracking issue when the software parses invalid URLs, allows an attacker to retrieve memory contents
  • CVE-2020-3254: inefficient memory management, Denial of Service
  • CVE-2020-3196: improper resource management for inbound SSL/TLS connections, Denial of Service
  • CVE-2020-3298: improper memory protection mechanisms while processing certain OSPF packets, Denial of Service
  • CVE-2020-3191: incorrect processing of certain OSPF packets leads to memory leak, Denial of Service
  • CVE-2020-3195: incorrect processing of certain OSPF packets, Denial of Service

Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches or appropriate mitigations provided by Cisco to vulnerable systems immediately after appropriate testing.
