SB2018060810 - Denial of service in Cisco Adaptive Security Appliance Web Services




Published: June 8, 2018 Updated: June 26, 2018

Security Bulletin ID SB2018060810
Severity Medium
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Path traversal (CVE-ID: CVE-2018-0296)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the web interface of the Cisco Adaptive Security Appliance (ASA) due to a lack of proper input validation of the HTTP URL. A remote attacker can send a specially crafted HTTP request and cause the device to reload unexpectedly, or read the contents of arbitrary files on the system using directory traversal sequences.


Remediation

Install the update from the vendor's website.