The company has released security updates that address eight DoS vulnerabilities, an information disclosure vulnerability, a memory leak vulnerability, an authentication bypass vulnerability, and a path traversal vulnerability.
The most dangerous problem is a path traversal vulnerability (CVE-2020-3187) in ASA and FTD software, which scored 9.1 on the CVSS scale. The vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies. An attacker could exploit the vulnerability by sending a specially crafted HTTP request containing directory traversal character sequences. This allows the attacker to view or delete files on the system. As noted by experts, all deleted files are recovered after a device restart.
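As an added example (not from the original article or from the vendor), the following Python code shows how a defender can flag logged HTTP request lines that carry directory traversal sequences, including percent-encoded and double-encoded forms. The request lines, paths and parameter names are constructed for illustration and are not the requests associated with CVE-2020-3187.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request lines; every path and parameter here is hypothetical.
SAMPLE_REQUESTS = [
    "GET /portal/index.html HTTP/1.1",
    "GET /portal/../../config/settings HTTP/1.1",
    "POST /portal/%2e%2e%2f%2e%2e%2fconfig HTTP/1.1",
    "GET /portal/%252e%252e%252fconfig HTTP/1.1",
    "GET /portal/..%5c..%5cconfig HTTP/1.1",
    "GET /download?file=..%2f..%2fsecret.txt HTTP/1.1",
    "GET /docs/release..notes.txt HTTP/1.1",
    "GET /search?q=a..b HTTP/1.1",
]

# ".." counts only when it is a whole segment bounded by / or \ (or string ends).
DOTDOT_SEGMENT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_fields(request_line):
    """Return the parts of the request target that hold a '..' segment."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    target = urlsplit(parts[1])
    fields = [("path", target.path)]
    fields += [(f"query:{k}", v) for k, v in parse_qsl(target.query, keep_blank_values=True)]
    return [name for name, raw in fields if DOTDOT_SEGMENT.search(fully_decode(raw))]

def scan(request_lines):
    """Return (line, fields) for each request line that should be reviewed."""
    hits = []
    for line in request_lines:
        fields = traversal_fields(line)
        if fields:
            hits.append((line, fields))
    return hits

if __name__ == "__main__":
    for line, fields in scan(SAMPLE_REQUESTS):
        print(f"{', '.join(fields)}: {line}")
```

File names that merely contain two dots, such as `release..notes.txt`, are not flagged because the pattern requires `..` to be a complete path segment.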
The second vulnerability (CVE-2020-3259) in ASA was discovered by Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies and received a CVSS score of 7.5. It allows a criminal to log into the internal network of an organization and gain access to confidential information, for example, logins, email addresses, certificates, etc. The vulnerabilities can be exploited remotely and do not require authorization.