PT-2020-4701 · Cisco · Cisco FTD +1

Published: 2020-10-21 · Updated: 2022-05-26 · CVE-2020-3578

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed release
Cisco Firepower Threat Defense (FTD) Software versions prior to the fixed release

Description

The issue is related to insufficient validation of URLs when portal access rules are configured in the web services interface of the affected software. This could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. An attacker could exploit this by accessing certain URLs on the affected device.

Recommendations

For Cisco Adaptive Security Appliance (ASA) Software, update to the fixed release. For Cisco Firepower Threat Defense (FTD) Software, update to the fixed release. As a temporary workaround, consider restricting access to the WebVPN portal until a patch is available. Avoid accessing certain URLs on the affected device that could be used to exploit the issue.

Fix

DoS

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2020-05253
CVE-2020-3578

Affected Products

Cisco ASA
Cisco FTD