Cisco Talos is reporting on a vulnerability in the company’s Cisco Adaptive Security Appliance (ASA) and Firepower Appliance that is being openly exploited.
The issue, CVE-2018-0296, is a directory traversal bug in the appliance’s web framework that can lead to denial of service and information disclosure. Using a specially crafted URL, an attacker could cause the ASA appliance to reboot or disclose information without authenticating. Cisco Talos has noted a spike in exploitation attempts using this flaw, which was first reported in June 2018.
The company noted that not all appliances are affected, and admins can run a couple of simple tests to see if their systems are at risk.
Simply run the following command:
- show asp table socket | include SSL|DTLS – if any listening sockets are shown, then there is a risk.
To determine the specific risk, run:
- show processes | include Unicorn
“If the process is shown as running, the likelihood of a vulnerability existing is elevated and the administrator should validate the running version of code on the appliance to determine if it is one of the affected versions listed in the advisory. If it is listed, then updating to a non-affected version is the most effective mitigation,” Cisco Talos wrote.
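To show how the two checks above combine into a single verdict, here is an added example (not from the article or from Cisco) that applies the same filters to captured CLI output. The sample socket and process listings are constructed to resemble ASA output, not taken from a real device; the field layout is an assumption.

```python
import re

# Constructed sample of "show asp table socket" output (layout assumed, not a real capture).
SAMPLE_SOCKET_OUTPUT = """\
Protocol  Socket    State      Local Address        Foreign Address
TCP       0001a2b0  LISTEN     192.0.2.1:22         0.0.0.0:*
SSL       0001c3d8  LISTEN     192.0.2.1:443        0.0.0.0:*
DTLS      0001e4f0  LISTEN     192.0.2.1:443        0.0.0.0:*
SSL       0002a1b2  ESTAB      192.0.2.1:443        198.51.100.7:51820
"""

# Constructed sample of "show processes" output (layout assumed, not a real capture).
SAMPLE_PROCESS_OUTPUT = """\
PC         SP         STATE       Runtime    Process
0x0808f2a4 0x00000000 0x0000b5c0  120        Unicorn Admin Handler
0x08012345 0x00000000 0x00012340  15         Logger
"""

# Same regex the CLI filter "| include SSL|DTLS" applies to each line.
SOCKET_FILTER = re.compile(r"SSL|DTLS")


def listening_web_sockets(socket_output):
    """Lines the SSL|DTLS filter would keep that are also in LISTEN state."""
    return [line for line in socket_output.splitlines()
            if SOCKET_FILTER.search(line) and "LISTEN" in line.split()]


def unicorn_running(process_output):
    """True if any process line matches "| include Unicorn"."""
    return any("Unicorn" in line for line in process_output.splitlines())


def assess_exposure(socket_output, process_output):
    """Combine both checks the way the article describes them."""
    sockets = listening_web_sockets(socket_output)
    unicorn = unicorn_running(process_output)
    if not sockets:
        verdict = "not exposed: no SSL/DTLS listening sockets"
    elif unicorn:
        verdict = "elevated: Unicorn running, validate version against the advisory"
    else:
        verdict = "exposed: SSL/DTLS listening, validate version against the advisory"
    return {"listening_sockets": len(sockets), "unicorn_running": unicorn, "verdict": verdict}


if __name__ == "__main__":
    print(assess_exposure(SAMPLE_SOCKET_OUTPUT, SAMPLE_PROCESS_OUTPUT))
```

Paste the real output of the two commands into the two strings to get a verdict for a specific appliance; the final decision still rests on comparing the running version with the advisory.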