CVE-2020-3452

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. Vendor/Product: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.