April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
March 11, 2020Rewterz Threat Alert – Operation Overtrap – Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
March 12, 2020Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
March 11, 2020Rewterz Threat Alert – Operation Overtrap – Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
March 12, 2020
Severity
High
Analysis Summary
An increase in attempts to exploit CVE-2018-0296 has been observed in the wild. The vulnerability is a denial-of-service and information disclosure directory traversal bug affecting Cisco Adaptive Security Appliance (ASA) and Firepower Appliances. A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.
Software updates have long been released by Cisco that address this vulnerability. There are no workarounds that address this vulnerability.
Impact
- Denial of Service
- Information Disclosure
- Authentication Bypass
- Directory Traversal
Affected Vendors
Cisco
Remediation
Customers should upgrade to an appropriate release as indicated in the following tables.
Cisco ASA Software
| Cisco ASA Software Release | First Fixed Release for This Vulnerability |
|---|---|
| Prior to 9.11 | Migrate to 9.1.7.29 |
| 9.1 | 9.1.7.29 |
| 9.2 | 9.2.4.33 |
| 9.31 | Migrate to 9.4.4.18 |
| 9.4 | 9.4.4.18 |
| 9.51 | Migrate to 9.6.4.8 |
| 9.6 | 9.6.4.8 |
| 9.7 | 9.7.1.24 |
| 9.8 | 9.8.2.28 |
| 9.9 | 9.9.2.1 |
Cisco ASA Software releases prior to Release 9.1 and Cisco ASA Software Releases 9.3 and 9.5 have reached end-of-software maintenance. Customers should migrate to a supported release.
The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Adaptive Security Appliances (ASA) > ASA 5500-X Series Firewalls, where there is a list of Cisco ASA hardware platforms. The majority of these software releases are listed under Interim.
Cisco FTD Software
| Cisco FTD Software Release | First Fixed Release for This Vulnerability |
|---|---|
| 6.0 | Migrate to 6.1.0 HotFix or later |
| 6.0.1 | Migrate to 6.1.0 HotFix or later |
| 6.1.0 | Cisco_FTD_Hotfix_EI-6.1.0.7-2.sh (all FTD hardware platforms except 41xx and 9300) Cisco_FTD_SSP_Hotfix_EI-6.1.0.7-2.sh (41xx and 9300 FTD hardware platforms) |
| 6.2.0 | Not vulnerable |
| 6.2.1 | Migrate to 6.2.2.3 |
| 6.2.2 | 6.2.2.3 |
| 6.2.3 | 6.2.3.1 6.2.3-851 6.2.3-85.02 |
The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Next-Generation Firewalls (NGFW), where there is a list of Cisco FTD hardware platforms.