Cisco network protectors are full of holes
Admins who protect networks with hardware and software from Cisco should install the latest versions of Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) for security reasons. Otherwise attackers could access data that is actually inaccessible.
A remote and unannounced attacker could access the web services file system of targeted devices by means of prepared HTTP requests (directory traversal attack). This file system is only available if Any Connect or WebVPN features are activated. This affects all devices with vulnerable ASA and FTD versions. According to the network supplier, they have not seen any attacks so far.
No direct access to systems
In a warning message, Cisco emphasizes that by successfully exploiting the vulnerability (CVE-2020-3452), attackers cannot gain access to ASA and FTD system files or the underlying operating system