• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
March 11, 2020
Rewterz Threat Alert – Operation Overtrap – Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
March 12, 2020

Rewterz Threat Advisory – CVE-2018-0296 – Cisco ASA and FTD Bug Attacked in Wild for DoS and Information Disclosure

March 11, 2020

Severity

High

Analysis Summary

An increase in attempts to exploit CVE-2018-0296 has been observed in the wild. The vulnerability is a denial-of-service and information disclosure directory traversal bug affecting Cisco Adaptive Security Appliance (ASA) and Firepower Appliances. A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.
Software updates have long been released by Cisco that address this vulnerability. There are no workarounds that address this vulnerability.

Impact

  • Denial of Service
  • Information Disclosure
  • Authentication Bypass
  • Directory Traversal

Affected Vendors

Cisco

Remediation

Customers should upgrade to an appropriate release as indicated in the following tables.

Cisco ASA Software

Cisco ASA Software ReleaseFirst Fixed Release for This Vulnerability
Prior to 9.11Migrate to 9.1.7.29
9.1 9.1.7.29
9.29.2.4.33
9.31Migrate to 9.4.4.18
9.4 9.4.4.18
9.51Migrate to 9.6.4.8
9.69.6.4.8
9.79.7.1.24
9.89.8.2.28
9.99.9.2.1

Cisco ASA Software releases prior to Release 9.1 and Cisco ASA Software Releases 9.3 and 9.5 have reached end-of-software maintenance. Customers should migrate to a supported release.

The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Adaptive Security Appliances (ASA) > ASA 5500-X Series Firewalls, where there is a list of Cisco ASA hardware platforms. The majority of these software releases are listed under Interim.

Cisco FTD Software

Cisco FTD Software ReleaseFirst Fixed Release for This Vulnerability
6.0Migrate to 6.1.0 HotFix or later
6.0.1Migrate to 6.1.0 HotFix or later
6.1.0Cisco_FTD_Hotfix_EI-6.1.0.7-2.sh (all FTD hardware platforms except 41xx and 9300)
Cisco_FTD_SSP_Hotfix_EI-6.1.0.7-2.sh (41xx and 9300 FTD hardware platforms)
6.2.0Not vulnerable
6.2.1Migrate to 6.2.2.3
6.2.26.2.2.3
6.2.36.2.3.1
6.2.3-851
6.2.3-85.02


The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Next-Generation Firewalls (NGFW), where there is a list of Cisco FTD hardware platforms.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.