![\"\"](\"https:\/\/hraicp.org\/wp-content\/uploads\/2020\/07\/624435-750x460-1.jpg\")
<\/p>\n\u06a9\u0645\u06cc\u062a\u0647 \u0631\u06a9\u0646 \u0686\u0647\u0627\u0631\u0645 – \u062f\u0631 \u062a\u0627\u0631\u06cc\u062e \u06f2\u06f2 July\u060c \u0633\u06cc\u0633\u06a9\u0648 \u0628\u0647 \u0637\u0648\u0631 \u0631\u0633\u0645\u06cc \u06cc\u06a9 \u0628\u06cc\u0627\u0646\u06cc\u0647 \u0645\u0628\u0646\u06cc \u0628\u0631 \u0648\u062c\u0648\u062f \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0648\u0639 Path Traversal \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u06a9\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 directory traversal \u0646\u06cc\u0632 \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0628\u0647 \u0641\u0627\u06cc\u0644 \u0647\u0627 \u0648 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u0641\u0648\u0644\u062f\u0631 root \u0648\u0628 \u0630\u062e\u06cc\u0631\u0647 \u0634\u062f\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u0646\u062f. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0647\u06a9\u0631\u0647\u0627 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u062d\u0645\u0644\u0627\u062a\u06cc \u0627\u0632 \u0642\u0628\u06cc\u0644 \u201cdot-dot-slash\u201d, \u201cdirectory traversal\u201d, \u201cdirectory climbing\u201d \u0648 \u06cc\u0627 \u201cbacktracking\u201d \u0634\u0648\u062f.<\/p>\n
<\/p>\n
\u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc\u00a0Cisco Adaptive Security Appliance (ASA) \u0648\u00a0Cisco Firepower Threat Defense (FTD) \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u00a0CVE-2020-3452 \u0642\u0627\u0628\u0644 \u0631\u062f\u06cc\u0627\u0628\u06cc \u0627\u0633\u062a.<\/p>\n
![\"\u0627\u062e\u0628\u0627\u0631](\"https:\/\/irancyber.news\/wp-content\/uploads\/2020\/07\/hight-1024x257.png\")
<\/p>\n
\u0645\u062e\u062a\u0635\u0631 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647:<\/strong><\/p>\n \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0631\u0627\u0628\u0637 \u0633\u0631\u0648\u06cc\u0633 \u0648\u0628 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 Cisco Adaptive Security Appliance (ASA) \u0648 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 Cisco Firepower Default Defence (FTD) \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a HTTP \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0634\u062f\u0647 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f. \u0628\u0627 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 \u0627\u0632 \u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0648\u062c\u0648\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062d\u0645\u0644\u0627\u062a \u062a\u062d\u062a \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u062e\u0648\u062f \u0631\u0627 \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u06a9\u0631\u062f\u0647 \u0648 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0631\u0627 \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0647\u062f\u0641 \u0628\u062e\u0648\u0627\u0646\u062f.<\/p>\n \u201c\u0641\u0627\u06cc\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0648\u0628 \u0633\u0631\u0648\u06cc\u0633 \u0647\u0646\u06af\u0627\u0645\u06cc \u0641\u0639\u0627\u0644 \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0628\u0627 \u0647\u0631 \u062f\u0648 \u0648\u06cc\u0698\u06af\u06cc WebVPN \u06cc\u0627 AnyConnect \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0628\u0627\u0634\u062f. \u0647\u06a9\u0631\u0647\u0627 \u0646\u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc \u0628\u0647 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645 ASA \u06cc\u0627 FTD \u06cc\u0627 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0627\u0635\u0644\u06cc (OS) \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u06a9\u0646\u0646\u062f. \u201d<\/p>\n \u0648\u0631\u0698\u0646 \u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc:<\/strong><\/p>\n \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0647 \u0634\u0631\u062d \u0632\u06cc\u0631 \u0627\u0633\u062a:<\/strong><\/p>\n \u06f1\u066b Cisco ASA\uff1a<\/strong><\/p>\n Vulnerable Configuration =>\u00a0crypto ikev2 enable <interface_name> client-services port <port #><\/p>\n Vulnerable Configuration =>\u00a0webvpn\u00a0 \u00a0enable <interface_name><\/p>\n Vulnerable Configuration =>webvpn\u00a0 \u00a0enable <interface_name> \u06f2\u066b Cisco FTD\uff1a<\/strong><\/p>\n Vulnerable Configuration =>\u00a0crypto ikev2 enable <interface_name> client-services port <port #><\/p>\n Vulnerable Configuration =>\u00a0webvpn\u00a0 \u00a0enable <interface_name><\/p>\n \u0631\u0627\u0647 \u062d\u0644<\/strong><\/p>\n \u0628\u0647\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647\u06a9\u0627\u0631\u00a0\u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0647\u06a9\u0631\u0647\u0627 \u0646\u0635\u0628 \u0628\u0647 \u0645\u0648\u0642\u0639 \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc\u00a0\u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Cisco ASA \/ TFD \u0645\u06cc \u0628\u0627\u0634\u062f.<\/p>\n \u0645\u0646\u0628\u0639: \u0627\u06cc\u0631\u0627\u0646 \u0633\u0627\u06cc\u0628\u0631<\/p>\n","protected":false},"excerpt":{"rendered":" \u06a9\u0645\u06cc\u062a\u0647 \u0631\u06a9\u0646 \u0686\u0647\u0627\u0631\u0645 – \u062f\u0631 \u062a\u0627\u0631\u06cc\u062e \u06f2\u06f2 July\u060c \u0633\u06cc\u0633\u06a9\u0648 \u0628\u0647 \u0637\u0648\u0631 \u0631\u0633\u0645\u06cc \u06cc\u06a9 \u0628\u06cc\u0627\u0646\u06cc\u0647 \u0645\u0628\u0646\u06cc \u0628\u0631 \u0648\u062c\u0648\u062f \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0648\u0639 Path Traversal \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u06a9\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 directory traversal \u0646\u06cc\u0632 \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0628\u0647 \u0641\u0627\u06cc\u0644 \u0647\u0627 \u0648 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 […]<\/p>\n","protected":false},"author":4,"featured_media":19101,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13],"tags":[783,124,467,380],"class_list":["post-19100","post","type-post","status-publish","format-standard","has-post-thumbnail","category-s3-000","category-13","tag-cisco","tag-124","tag-467","tag-380"],"_links":{"self":[{"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/posts\/19100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/hraicp.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19100"}],"version-history":[{"count":1,"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/posts\/19100\/revisions"}],"predecessor-version":[{"id":19102,"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/posts\/19100\/revisions\/19102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hraicp.org\/index.php?rest_route=\/wp\/v2\/media\/19101"}],"wp:attachment":[{"href":"https:\/\/hraicp.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hraicp.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hraicp.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n<\/strong><\/p>\n\n
\n