Cisco Blogs

Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability

June 22, 2018

PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking active steps to raise awareness of this issue. Customers with affected devices are urged to consider necessary steps to assess and remediate any potential exposure within their network.

This vulnerability was disclosed on the 6th of June 2018. This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. Only a denial of service condition (device reload) has been observed by Cisco.

Note: This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.

Cisco strongly recommends that customers upgrade to a fixed software release to remediate this issue.

Please refer to the security advisory to obtain detailed information about affected and fixed releases, as well as how to determine if your device is impacted by this vulnerability.

 


4 Comments

  1. Do we know if this vulnerability has been exploited? Have we seen anything in the wild?

  2. It would be very helpful if the exact version and model is mentioned here.

    Nice article.