CVE-2018-0296

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to insufficient validation of HTTP requests in the web interface of the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software. This could allow a remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition, or view sensitive system information without authentication by using directory traversal techniques. The vulnerability affects IPv4 and IPv6 HTTP traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

BDU:2018-01453

CVE-2018-0296

Affected Products

Cisco Asa

Cisco Ftd

CVE-2018-0296

Weakness Enumeration

Related Identifiers

Affected Products

References · 21