How I was able to get points easily on bugbounty platforms- CVE 2020-3452 and CVE 2020-3187.
Hello Everyone,
Welcome to another blog.
To people who don’t know me myself Ganesh, I am a security analyst at WesecureApp and a Part-time bug bounty hunter at Bugcrowd.
What is CVE 2020–3452?
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. As an example, this could allow an attacker to impersonate another VPN user and establish a Clientless SSL VPN or AnyConnect VPN session to the device as that user.
What is CVE 2020–3187?
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive…