Exploited vulnerability in Cisco ASA and Firepower devices

Share this…

A severe vulnerability affecting CISCO ASA and Firepower devices is being exploited after an exploit was released online, as revealed by late pentest.

According to reports from the company itself and the International Institute of Cyber Security, the Cisco security team is aware of a public proof-of-concept exploit and has alerted its users about the services which may be related to this vulnerability. At the time, the company strongly recommended its users to update the software of their Cisco ASA devices, which was launched to face the problems that generated this exploit.

A report by Michal Bentkowsky, the pentest expert who discovered and reported the failure to Cisco, says that if exploiting the vulnerability does not generate DoS attacks, attackers could still extract information such as user names or information about their activity.

About CVE-2018-0296 vulnerability

The vulnerability affects software of Cisco’s ASA and Firepower devices and can be exploited by an unauthenticated remote attacker to cause an affected device to reload unexpectedly.

The company also warns that in certain versions this unexpected load does not occur, but an attacker could gain access to sensitive system information without authentication by using directory traversal methods.

The complete list of affected devices includes:

  • Industrial Security Appliance 3000 (ISA)
  • ASA 1000V Cloud Firewall
  • ASA 5500
  • ASA 5500-X
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 y 4100
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

There are no solutions available yet, as the company continues to perform pentest and evaluating their systems, so if you haven’t yet implemented the available updates, you are advised to do so as soon as possible.