Cisco Blogs
Share

Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability


June 22, 2018 - 4 Comments

PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking active steps to raise awareness of this issue. Customers with affected devices are urged to consider necessary steps to assess and remediate any potential exposure within their network.

This vulnerability was disclosed on the 6th of June 2018.  This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. Only a denial of service condition (device reload) has been observed by Cisco.

Note: This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.

Cisco strongly recommends that customers upgrade to a fixed software release to remediate this issue.

Please refer to the security advisory to obtain detailed information about affected and fixed releases, as well as how to determine if your device is impacted by this vulnerability.

 



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

4 Comments

  1. Do we know if this vulnerability has been exploited? Have we seen anything in the wild?

  2. it would be very helpful, if the exact version and model is mentioned here

    • ok

  3. nice article.