Cisco ASA and Firepower flaw exploited in the wild
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released online on Friday.
“Cisco PSIRT has become aware of a public proof-of-concept exploit and is aware of customer device reloads related to this vulnerability. Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue,” the company noted in an update to the advisory originally published on June 6.
According to this write-up (in Polish) that Michal Bentkowski, the bug hunter who discovered and reported the flaw to Cisco, flagged in a tweet, if the exploitation does not result in DoS the attacker might extract information such as the username of the logged-in user or information about active sessions.
About the vulnerability (CVE-2018-0296)
The vulnerability affects Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.
It can be leveraged by an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.
“It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques,” Cisco warns.
Affected devices include:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 1000V Cloud Firewall
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 and 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv).
No workarounds are available, so if you haven’t yet implemented the updates that have been available for nearly a month, do so now.
Cisco has also recently plugged a bucketload of flaws found in many of its switches, next generation firewalls and security appliances.