CISCO announced a sudden increase, as the holiday season starts, in attempts to exploit a vulnerability identified in 2018 (CVE-2018-0296). The vulnerability is: (a) denial-of-service; b) Information disclosure directory traversal.

CAUSE (Reported so far), improper input validation of the HTTP URL.

IMPACT (Reported so far) (a). Firewall Reboot; which can mean that the firewall is practically absent while it is re-loading and (b)Disclosure of unauthorized information

OBJECTIVE (Anticipated)(a) Diverting attention to execute another attack; (b)Disclosed information may be used to execute next step of a larger objective.

Mitigation (a) Run non-affected version i.e. CISCO released updates to address the vulnerability; (b) Snort signature to detect this attack is 46897.

CVSS Score is 8.6 for this vulnerability. (7.0-8.9 is considered HIGH Risk and 9.0-10.0 is considered critical).

Affected Products

• 3000 Series Industrial Security Appliance (ISA)
• ASA 1000V Cloud Firewall
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4100 Series Security Appliance
• Firepower 9300 ASA Security Module
• FTD Virtual (FTDv)

For More Details