CVE-2018-0296

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.

Una vulnerabilidad en la interfaz web de Cisco Adaptive Security Appliance (ASA) podría permitir que un atacante remoto sin autenticar haga que el dispositivo afectado se reinicie inesperadamente y provoque una denegación de servicio (DoS) como consecuencia. También es posible en ciertas versiones del software que ASA no se recargue, pero un atacante podría ver información sensible del sistema sin autenticación mediante el uso de técnicas de salto de directorio. Esta vulnerabilidad se debe a la falta de validación de entradas adecuada de la URL HTTP. Un atacante podría explotar esta vulnerabilidad enviando una petición HTTP manipulada a un dispositivo afectado. Su explotación podría permitir a un atacante provocar una denegación de servicio o la divulgación no autenticada de información. Esta vulnerabilidad aplica al tráfico HTTP IPv4 y IPv6. Esta vulnerabilidad afecta a las versiones de Cisco ASA Software y Cisco Firepower Threat Defense (FTD) Software que se ejecutan en los siguientes productos de Cisco: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module y FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.

Cisco Adaptive Security Appliance suffers from a path traversal vulnerability.

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-06-07 CVE Published
2018-06-26 First Exploit
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-08-05 CVE Updated
2024-09-10 EPSS Updated

CWE

CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (11)

URL	Tag	Source
http://www.securityfocus.com/bid/104612	Third Party Advisory
http://www.securitytracker.com/id/1041076	Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/47220	2019-08-12
https://www.exploit-db.com/exploits/44956	2024-08-05
https://github.com/yassineaboukir/CVE-2018-0296	2020-01-30
https://github.com/milo2012/CVE-2018-0296	2018-12-09
https://github.com/bhenner1/CVE-2018-0296	2018-06-26
https://github.com/qiantu88/CVE-2018-0296	2018-12-09
http://packetstormsecurity.com/files/154017/Cisco-Adaptive-Security-Appliance-Path-Traversal.html	2024-08-05

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd	2023-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.1 < 9.1.7.29 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.1 < 9.1.7.29"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.2 < 9.2.4.33 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.2 < 9.2.4.33"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.3 < 9.4.4.18 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.3 < 9.4.4.18"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.5 < 9.6.4.8 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.5 < 9.6.4.8"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.8 < 9.8.2.28 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.8 < 9.8.2.28"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.9 < 9.9.2.1 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.9 < 9.9.2.1"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.1\(2.5\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.1\(2.5\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.7 < 9.7.1.24 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.7 < 9.7.1.24"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.0 < 6.1.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0 < 6.1.0"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.2.1 < 6.2.2.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.2.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				6.2.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.2.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				6.2.3-85.02 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.2.3-85.02"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				6.2.3-851 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.2.3-851"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				6.2.3.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.2.3.1"		-		Affected