CNNVD-202509-3957 Information
CNNVD ID
CNNVD-202509-3957
Related CVE
- CNNVD Published: 2025-09-25
Description (Chinese)
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense都是美国思科(Cisco)公司的产品。Cisco Secure Firewall Adaptive Security Appliance是一个企业级防火墙软件。Cisco Secure Firewall Threat Defense是一个集成式防火墙平台。 Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense存在安全漏洞,该漏洞源于HTTP请求中用户输入验证不当,可能导致未经身份验证的攻击者访问受限URL。
Description (English)
Cisco Security Fairive Security Application and Cisco Security Fairwall Threat Defense are all Cisco products. Cisco Security Firewall Adaptive Security Application is an enterprise-level firewall software. Cisco Security Firewall Threat Defense is an integrated firewall platform. There is a security loophole between Cisco Security Fair Active Security and Cisco Security Fairwall Threat Defense, which stems from the improper user input verification in the HTTP request, which may result in restricted access to URLs by unidentified assailants.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cires21
Published
2025-09-25
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20362 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW https://access.redhat.com/security/cve/cve-2025-20362 https://vigilance.fr/vulnerability/Cisco-ASA-privilege-escalation-via-VPN-Web-Server-48321