Good Information Security = Good Monitoring

Advisory by Digital Arrays (Private) Limited | December 21, 2019

Cisco Firewall: Denial-of-Service Bug / Attacks

Cisco has reported a sudden increase, as the holiday season starts, in attempts to exploit a vulnerability in the web interface of its ASA and FTD software that was first disclosed in 2018 (CVE-2018-0296). An unauthenticated remote attacker can trigger it with a crafted HTTP request, and it has two consequences: (a) denial of service; (b) information disclosure via directory traversal.

CAUSE (reported so far): lack of proper input validation of the HTTP URL handled by the device's web interface, so a crafted request reaches code paths and files it should not.

IMPACT (reported so far): (a) an unexpected firewall reload; while the device is reloading it is effectively absent, and the traffic it should be inspecting or blocking is not being handled; (b) disclosure of sensitive system information to an unauthenticated attacker. On some software releases the device does not reload but the directory traversal still exposes that information.

OBJECTIVE (anticipated): (a) forcing a reload to divert attention, or to remove the firewall's protection, while another attack is carried out; (b) using the disclosed information to plan the next step of a larger intrusion.

Mitigation: (a) Upgrade to a fixed release. Cisco has released software updates that address the vulnerability; there are no workarounds. (b) Snort signature 46897 detects exploitation attempts; confirm the rule is enabled and that the sensor actually sees traffic to the firewall's web interface. (c) Reduce exposure: the vulnerable web interface is only reachable on interfaces where the HTTP server (ASDM) or webvpn service is enabled, so restrict those to trusted management networks. On an ASA, `show running-config http` and `show running-config webvpn` list the interfaces and addresses the web interface is serving; anything Internet-facing there deserves priority patching.

The CVSS v3 base score for this vulnerability is 8.6 (High). On the CVSS v3 scale, 7.0-8.9 is rated High and 9.0-10.0 is rated Critical.

Affected Products

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 1000V Cloud Firewall
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)
For More Details