Main Vulnerability Database Exploits ID:5900 - Exploit for Path traversal in Cisco Systems, Inc products - CVE-2018-0296

ID:5900 - Exploit for Path traversal in Cisco Systems, Inc products - CVE-2018-0296

Published: June 17, 2021

Vulnerability identifier: #VU13246

Vulnerability risk: Medium

CVE-ID: CVE-2018-0296

CWE-ID: CWE-23

Exploitation vector: Remote access

Vulnerable software:
3000 Series Industrial Security Appliance (ISA)
Cisco ASA 1000V Cloud Firewall
Cisco ASA 5500-X Series
Cisco ASA 5500
Cisco Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance

Link to public exploit:

https://www.exploit-db.com/exploits/47220/

Vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the web interface of the Cisco Adaptive Security Appliance (ASA) due to lack of proper input validation of the HTTP URL. A remote attacker can send a specially crafted HTTP request and cause the device to reload unexpectedly or read contest of arbitrary file on the system using directory traversal sequences.

Remediation

Install update from vendor's website.

ID:5900 - Exploit for Path traversal in Cisco Systems, Inc products - CVE-2018-0296

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human