A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful compromise will allow unauthenticated, remote attackers to perform directory traversal attacks and read sensitive files on their chosen targets.Īs noted in the AttackerKB information, the vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. On July 22, Cisco released a patch for a high-severity read-only path traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.
