Networking and hardware company Cisco stated that it has become aware of the availability of public exploit code and active exploitation of a high-severity vulnerability in its web services interface, Adaptive Security Appliance (ASA) and the Firepower Threat Defense (FTD) software. In a security advisory, Cisco stated that the security vulnerability dubbed as “CVE-2020-3452” could allow an unauthenticated, remote attacker to perform directory traversal attacks and steal sensitive data.
“An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device,” Cisco said.
It is found that the vulnerability affects Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration. The company also confirmed that this vulnerability does not affect Cisco Firepower Management Center (FMC) Software and cannot be used to obtain access to ASA or FTD system files or underlying operating system files. The company has released software updates to fix the vulnerability.
“The attacker can view files within the web services file system only. The web services file system is enabled for the WebVPN and AnyConnect features outlined in the Vulnerable Products section of this advisory; therefore, this vulnerability does not apply to the ASA and FTD system files or underlying operating system (OS) files. The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs,” the advisory said.
Counterfeit Cisco Switches
Recently, an investigation report from F-Secure revealed a pair of counterfeit network switches impersonating the Cisco network switches. The counterfeit devices, versions of the Cisco Catalyst 2960-X series switches, were designed to bypass authentication processes to system components. According to the investigation, the counterfeit devices did not have any backdoor functionalities, but had the ability to bypass security controls. The counterfeits were physically and operationally similar to an authentic Cisco switch. Threat actors either invested heavily in imitating Cisco’s original design or had access to proprietary engineering documentation to create fake copy, the report said.
