Patching Cisco ASA/FTD Vulnerability (CVE-2020-3452)

Brenda Gratas July 27, 2022
- 3 min read

On July 2020, Cisco, a leading provider of network security solutions, disclosed the existence of CVE-2020-3452, a critical vulnerability impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

If not addressed promptly, it exposes organizations to potential unauthorized access and data breaches. In this article, we’ll explore the intricacies of the CVE-2020-3452 vulnerability, shedding light on its potential risks and emphasizing the significance of promptly addressing the issue. Regarding this, InvGate Asset Management simplifies the Patch Management process and secures affected systems. 

Continue reading to gain a comprehensive understanding of this critical issue and discover effective strategies for safeguarding your network.

About CVE-2020-3452

One of the critical vulnerabilities that emerged in 2020, impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, was given the identifier CVE-2020-3452. This vulnerability posed a significant threat to network security, potentially leading to unauthorized access and sensitive data exposure. It gained attention due to its potential for exploitation by attackers to compromise affected devices.

The affected versions of Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software include:

  • Cisco ASA Software: Versions 9.6, 9.7, 9.8, 9.9, 9.10, 9.12, 9.13, and 9.14.
  • Cisco FTD Software: Versions 6.2.2, 6.2.3, 6.3.0, 6.4.0, 6.5.0, and 6.6.0.

How does CVE-2020-3452 work?

The vulnerability stemmed from a path traversal flaw present in the web services interface of Cisco ASA and FTD software. Specifically, the issue resided in the Secure Sockets Layer Virtual Private Network (SSL VPN) functionality provided by these products. By exploiting this vulnerability, an attacker could send a crafted HTTP request to the targeted device and gain access to files and directories that should be restricted.

What are CVE-2020-3452 risks?

The risk associated with CVE-2020-3452 was substantial. A successful exploit could allow an attacker to view sensitive information stored on the affected device, including webvpn configuration files, webvpn customization files, and potentially even web content. This information could potentially contain user credentials, session tokens, and other sensitive data, which could then be used for further attacks or unauthorized access to the network.

Moreover, the ability to traverse the file system through this vulnerability could enable an attacker to launch subsequent attacks, such as uploading malicious files, modifying configurations, or executing arbitrary commands. This elevated level of control over the affected device could lead to a complete compromise of the network infrastructure, jeopardizing the confidentiality, integrity, and availability of critical resources.

Is CVE-2020-3452 fixed?

Yes, Cisco released software updates that include the necessary fixes. Users are advised to upgrade to the latest version of the Cisco ASA or FTD software, which incorporates the patch for CVE-2020-3452. 

How to find devices exposed to CVE-2020-3452

With the use of InvGate Asset Management, you can quickly pinpoint devices that have been impacted by the CVE-2020-3452 vulnerability. Here are the recommended procedures to proceed with:

  1. Open InvGate Asset Management and go to the Explorer tab.
  2. Type in the Search bar “Software name, is:Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)” and “Software name, is:Firepower Threat Defense (FTD)” to filter all devices with these software products.
  3. Add another filter to the Search bar to see all devices missing the security patch. To do that, add the following filter: “Reported version, is not:” and paste Cisco’s patched version (depending on your product, you’ll find the security update number on Cisco’s webpage).

Use InvGate Asset Management to find devices exposed to CVE-2020-3452

The bottom line

In summary, the CVE-2020-3452 vulnerability poses a significant threat to Cisco ASA and FTD software, potentially leading to unauthorized access and exposure of sensitive data. The risks of not patching this vulnerability include data breaches, unauthorized network access, and potential compromise of the entire infrastructure.

To address this critical security issue, Cisco released software updates that include the necessary fixes. It is crucial for organizations using Cisco ASA or FTD software to upgrade to the latest version, which incorporates the patch for CVE-2020-3452.

With InvGate Asset Management, you can easily track and manage software vulnerabilities across your network, including Cisco ASA and FTD devices. Request a 30-day free trial and discover how it can streamline your Patch Management processes.

Read other articles like this : vulnerabilities

Evaluate InvGate as Your ITSM Solution

30-day free trial - No credit card needed