An increase in attempts to exploit CVE-2018-0296 has been observed in the wild. The vulnerability is a denial-of-service and information-disclosure directory traversal bug affecting Cisco Adaptive Security Appliance (ASA) and Firepower appliances. The flaw in the web interface of Cisco ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. On certain software releases the ASA will not reload; instead, an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit it by sending a crafted HTTP request to an affected device, causing a DoS condition or unauthenticated disclosure of information. The vulnerability applies to both IPv4 and IPv6 HTTP traffic.
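Because the bug stems from missing validation of the HTTP URL, a defender watching an exposed management interface wants to spot traversal sequences in request logs, including percent-encoded and double-encoded forms. The following detection routine is an added example for this page, not Cisco's code; the access-log lines are constructed in Common Log Format and the `/admin/` paths are placeholders, not paths from the advisory.

```python
import re
from urllib.parse import unquote

# Common-Log-Format request record. The sample lines below are constructed for
# this example and are not output from any real device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2018:10:00:01 +0000] "GET /admin/index.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jul/2018:10:00:02 +0000] "GET /admin/../../config HTTP/1.1" 404 0
10.0.0.9 - - [01/Jul/2018:10:00:03 +0000] "GET /admin/%2e%2e/%2e%2e/config HTTP/1.1" 404 0
10.0.0.7 - - [01/Jul/2018:10:00:04 +0000] "GET /admin/%252e%252e/config HTTP/1.1" 200 2048
10.0.0.7 - - [01/Jul/2018:10:00:05 +0000] "GET /admin/..%5c..%5cconfig HTTP/1.1" 200 2048
10.0.0.5 - - [01/Jul/2018:10:00:06 +0000] "GET /admin/files..txt HTTP/1.1" 200 64
this line is not a valid request record
"""


def normalize_path(url: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded dots become visible,
    unify backslashes to slashes, and keep only the path (query string ignored)."""
    path = url.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(url: str) -> bool:
    """True when any path segment is exactly '..' after normalization.
    Testing whole segments avoids flagging names such as 'files..txt'."""
    return any(seg == ".." for seg in normalize_path(url).split("/"))


def scan_log(text: str) -> list:
    """Return one record per request whose URL carries a traversal segment;
    lines that do not parse as request records are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and has_traversal(m["url"]):
            hits.append({"src": m["src"], "url": m["url"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["src"], hit["status"], hit["url"], "->", normalize_path(hit["url"]))
```

A 200 response on a flagged request is the case the advisory describes for releases that disclose information without reloading, so status is kept in each record for triage.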
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Customers should upgrade to an appropriate release as indicated in the following tables.
Cisco ASA Software
| Cisco ASA Software Release | First Fixed Release for This Vulnerability |
|---|---|
| Prior to 9.1¹ | Migrate to 22.214.171.124 |
| 9.3¹ | Migrate to 126.96.36.199 |
| 9.5¹ | Migrate to 188.8.131.52 |

¹ Cisco ASA Software releases prior to Release 9.1 and Cisco ASA Software Releases 9.3 and 9.5 have reached end of software maintenance. Customers should migrate to a supported release.
The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Adaptive Security Appliances (ASA) > ASA 5500-X Series Firewalls, where there is a list of Cisco ASA hardware platforms. The majority of these software releases are listed under Interim.
Cisco FTD Software
| Cisco FTD Software Release | First Fixed Release for This Vulnerability |
|---|---|
| 6.0 | Migrate to 6.1.0 HotFix or later |
| 6.0.1 | Migrate to 6.1.0 HotFix or later |
| 6.1.0 | Cisco_FTD_Hotfix_EI-184.108.40.206-2.sh (all FTD hardware platforms except 41xx and 9300); Cisco_FTD_SSP_Hotfix_EI-220.127.116.11-2.sh (41xx and 9300 FTD hardware platforms) |
| 6.2.1 | Migrate to 18.104.22.168 |
The software is available for download from the Software Center on Cisco.com by navigating to Products > Security > Firewalls > Next-Generation Firewalls (NGFW), where there is a list of Cisco FTD hardware platforms.