Cisco announced a sudden increase, as the holiday season starts, in attempts to exploit a vulnerability identified in 2018 (CVE-2018-0296). The vulnerability has two effects: (a) denial of service; (b) information disclosure via directory traversal.
CAUSE (reported so far): improper input validation of the HTTP URL.
IMPACT (reported so far): (a) firewall reboot, which means the firewall is effectively absent while it reloads; (b) disclosure of unauthorized information.
OBJECTIVE (anticipated): (a) diverting attention in order to execute another attack; (b) the disclosed information may be used to execute the next step of a larger objective.
MITIGATION: (a) run a non-affected version, i.e. Cisco released updates that address the vulnerability; (b) Snort signature 46897 detects this attack.
The CVSS score for this vulnerability is 8.6 (7.0-8.9 is considered High risk; 9.0-10.0 is considered Critical).
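The cause above (improper validation of the HTTP URL leading to directory traversal) and the mitigation (detecting the attempts with a Snort signature) suggest a complementary log-side check. The following is an added example, not Cisco's code and not the Snort rule 46897 itself: it scans HTTP access-log lines for path-traversal attempts, including percent-encoded and double-encoded dot segments, and counts hits per source address so that a sudden spike like the one the advisory describes stands out. The log layout (client IP, method, path, status) and the sample lines are constructed for the example; real ASA or proxy logs would need their own parser. It generalizes beyond this one CVE to any traversal attempt against a web interface.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines in a generic "ip method path status" layout.
# These are not real Cisco ASA log entries; the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 GET /login.html 200
203.0.113.10 GET /images/logo.png 200
198.51.100.7 GET /app/..%2F..%2Fetc/config 404
198.51.100.7 GET /app/%252e%252e/%252e%252e/secrets 404
198.51.100.7 GET /files/../../../list 500
192.0.2.33 GET /docs/intro/../faq.html 200
192.0.2.33 GET /docs/%2e%2e/faq.html 200
"""

# Assumed log format for the example (one request per line).
LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")


def normalize(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) to undo double encoding,
    then fold backslashes to forward slashes so segment parsing is uniform."""
    prev = None
    for _ in range(rounds):
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.replace("\\", "/")


def traversal_reason(raw_path: str):
    """Return a short reason if the request path looks like a directory
    traversal attempt, or None for an ordinary path.

    'escapes_root'         : resolved path climbs above the web root
    'encoded_dot_segments' : '..' only appears after percent-decoding,
                             i.e. the client obfuscated the dot segments
    """
    decoded = normalize(raw_path).split("?", 1)[0]
    depth = 0
    for seg in decoded.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return "escapes_root"
        elif seg not in ("", "."):
            depth += 1
    if ".." in decoded and ".." not in raw_path:
        return "encoded_dot_segments"
    return None


def scan_log(text: str, threshold: int = 2):
    """Scan log text; return (hits, noisy_sources).

    hits          : list of (ip, raw_path, reason) for suspicious requests
    noisy_sources : IPs with at least `threshold` hits, the kind of burst
                    that signals an exploitation campaign rather than a typo
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        reason = traversal_reason(m["path"])
        if reason:
            hits.append((m["ip"], m["path"], reason))
    counts = Counter(ip for ip, _, _ in hits)
    noisy = sorted(ip for ip, n in counts.items() if n >= threshold)
    return hits, noisy


if __name__ == "__main__":
    found, sources = scan_log(SAMPLE_LOG)
    for ip, path, reason in found:
        print(f"{ip:15} {reason:22} {path}")
    print("sources over threshold:", sources)
```

Note that a benign relative reference such as `/docs/intro/../faq.html` is not flagged, because it never resolves above the root; the check keys on where the path ends up, not merely on the presence of `..`, while still surfacing encoded dot segments as a weaker indicator worth correlating with the per-source counts.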
Affected Products
- 3000 Series Industrial Security Appliance (ISA)
- ASA 1000V Cloud Firewall
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv)