A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.94452
Percentile: 0.9999
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
KEV is present
Mapped CWE(s)
CWE-20 : Improper Input Validation
CWE-22 : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
All CAPEC(s)
CAPEC-10 : Buffer Overflow via Environment Variables
CAPEC-101 : Server Side Include (SSI) Injection
CAPEC-104 : Cross Zone Scripting
CAPEC-108 : Command Line Execution through SQL Injection
CAPEC-109 : Object Relational Mapping Injection
CAPEC-110 : SQL Injection through SOAP Parameter Tampering
CAPEC-120 : Double Encoding
CAPEC-126 : Path Traversal
CAPEC-13 : Subverting Environment Variable Values
CAPEC-135 : Format String Injection
CAPEC-136 : LDAP Injection
CAPEC-14 : Client-side Injection-induced Buffer Overflow
CAPEC-153 : Input Data Manipulation
CAPEC-182 : Flash Injection
CAPEC-209 : XSS Using MIME Type Mismatch
CAPEC-22 : Exploiting Trust in Client
CAPEC-23 : File Content Injection
CAPEC-230 : Serialized Data with Nested Payloads
CAPEC-231 : Oversized Serialized Data Payloads
CAPEC-24 : Filter Failure through Buffer Overflow
CAPEC-250 : XML Injection
CAPEC-261 : Fuzzing for garnering other adjacent user/sensitive data
CAPEC-267 : Leverage Alternate Encoding
CAPEC-28 : Fuzzing
CAPEC-3 : Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-31 : Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-42 : MIME Conversion
CAPEC-43 : Exploiting Multiple Input Interpretation Layers
CAPEC-45 : Buffer Overflow via Symbolic Links
CAPEC-46 : Overflow Variables and Tags
CAPEC-47 : Buffer Overflow via Parameter Expansion
CAPEC-473 : Signature Spoof
CAPEC-52 : Embedding NULL Bytes
CAPEC-53 : Postfix, Null Terminate, and Backslash
CAPEC-588 : DOM-Based XSS
CAPEC-63 : Cross-Site Scripting (XSS)
CAPEC-64 : Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-664 : Server Side Request Forgery
CAPEC-67 : String Format Overflow in syslog()
CAPEC-7 : Blind SQL Injection
CAPEC-71 : Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 : URL Encoding
CAPEC-73 : User-Controlled Filename
CAPEC-76 : Manipulating Web Input to File System Calls
CAPEC-78 : Using Escaped Slashes in Alternate Encoding
CAPEC-79 : Using Slashes in Alternate Encoding
CAPEC-8 : Buffer Overflow in an API Call
CAPEC-80 : Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 : Web Server Logs Tampering
CAPEC-83 : XPath Injection
CAPEC-85 : AJAX Footprinting
CAPEC-88 : OS Command Injection
CAPEC-9 : Buffer Overflow in Local Command-Line Utilities
CAPEC(s) with Mapped TTPs
CAPEC-13 : Subverting Environment Variable Values
Mapped TTPs:
T1562.003 : Impair Command History Logging
T1574.006 : Dynamic Linker Hijacking
T1574.007 : Path Interception by PATH Environment Variable
CAPEC-267 : Leverage Alternate Encoding
Mapped TTPs:
T1027 : Obfuscated Files or Information
CAPEC-31 : Accessing/Intercepting/Modifying HTTP Cookies
Mapped TTPs:
T1539 : Steal Web Session Cookie
CAPEC-473 : Signature Spoof
Mapped TTPs:
Mapped ATT&CK TTPs
T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1027 : Obfuscated Files or Information
Kill Chain: defense-evasion
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1036.001 : Invalid Code Signature
Kill Chain: defense-evasion
T1553.002 : Code Signing
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
APT41 DUST
ArcaneDoor
SolarWinds Compromise
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015
C0017
Affected Products
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me