
PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking active steps to raise awareness of this issue. Customers with affected devices are urged to consider necessary steps to assess and remediate any potential exposure within their network.

This vulnerability was disclosed on the 6th of June 2018. It could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. Only a denial of service condition (device reload) has been observed by Cisco.

Note: This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.

Cisco strongly recommends that customers upgrade to a fixed software release to remediate this issue.

Please refer to the security advisory to obtain detailed information about affected and fixed releases, as well as how to determine if your device is impacted by this vulnerability.

 



Authors

Omar Santos

Distinguished Engineer

Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations