—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

Advisory ID: cisco-sa-20180606-asaftd

Revision: 1.0

For Public Release: 2018 June 6 16:00 GMT

Last Updated: 2018 June 6 16:00 GMT

CVE ID(s): CVE-2018-0296

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.

The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbGAZFXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczNc4P/2ham4mnyZv8GDmWvH3Bf5By5qlX
5pWpivHqTjan0wx6swI9DjjvYZO6c4Pi5/V2PIBOboxURnH7R6ViFxeQW+moz6wt
MtXWnrOQlHzXLnsAMBfoFQ2hufD1jFzWLFBa4LfxckvWlzz4EgzBcFNP5D58A6Tv
cyvP6UTLov0O+ThXBELwdQsbF4YLIP2CPYbgKYjAwVqZ0dnU1Ah8xvfGkyzLUYfG
rbz00PXqlZbtJijD2dwan633BiJkpI6jYLD681I6p9rcRkc39oPsLx/qxJJBp7b2
a1n/aKF9zNDRemr+l+IO1d7nkpDVyUUBsL9MnYuyqAo4Qw269O9iPi2EXjx0+bEX
38yYNhv9UILadtH1a6JfghujFkBNqJqQQCZrcw5WdPolHzecfHBayzpCad5I+QOl
LDKJsfne9cFP3ATrnw/MKwHZJAEAQDAvmi5tMmWJkwZAsfNTVy0v1AkPLgxLYZsm
DO/b+nRmz2tsIazoRYLNbHZI4j07kaeNw0auY3IakLGVRbD/dMWnaWyPH0+doQqC
SQiat8Y6VHS+wSuI4T0Eq6a6MrmVld34X7MhAlRS2Ztjwtn5moWC1tkKAcZsHgXl
d7trMxv8owv4lyWJEVbAY8wmRWN4REPaBbKFcjpzKc5L5zVRFF9Y4SKR4utxHnmD
SvwRv9xRqgultSxm
=9o0p
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com