这表明攻击企图利用思科自适应安全设备和 Firepower 威胁防御中的目录遍历漏洞。该漏洞是由于在处理精心设计的 HTTP 请求时对应用程序中用户提供的输入的过滤不足。远程攻击者可以利用它来获得对敏感信息的未经授权的访问。

Cisco ASA Software 9.5 Cisco ASA Software 9.6 before 9.6.4.42 Cisco ASA Software 9.7 Cisco ASA Software 9.8 before 9.8.4.20 Cisco ASA Software 9.9 before 9.9.2.74 Cisco ASA Software 9.10 before 9.10.1.42 Cisco ASA Software 9.12 before 9.12.3.12 Cisco ASA Software 9.13 before 9.13.1.10 Cisco ASA Software 9.14 before 9.14.1.10 Cisco FTD 6.2.2 Cisco FTD 6.2.3 before 6.2.3.16 Cisco FTD 6.3, 6.4, 6.5, 6.6 before 6.6.0.1 with AnyConnect or WebVPN configuration

信息泄露：远程攻击者可以从易受攻击的系统中获取敏感信息。

请参阅供应商的更新公告： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 https://tools.cisco.com/security/center /content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43