Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues

Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The exploit is rather simple and currently used to find vulnerable systems by reading benign LUA source code files. 

Example attempts:

GET /+CSCOE+/translation-table?=mst&textdomain=/%bCSCOE%2b/portalinc.lua@default-languaqe&lang=../ HTTP/1.1
GET /+CSCOE+/translation-table?=mst&textdomain=/+CSCOE+/portal_inc.lua@default-languaqe&lang=../
GET /translation-table?=mst&textdomain=

Out honeypot isn't emulating this vulnerability well right now, so we are not seeing followup attacks.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS Cyber Defense Initiative 2020

Johannes

4005 Posts
ISC Handler
Aug 4th 2020

Sign Up for Free or Log In to start participating in the conversation!