#VU13246 Path traversal in Cisco Systems, Inc products - CVE-2018-0296

 


Published: June 6, 2018 / Updated: February 20, 2022


Vulnerability identifier: #VU13246
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2018-0296
CWE-ID: CWE-23
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
3000 Series Industrial Security Appliance (ISA)
Firepower 2100 Series Security Appliance
Cisco ASA 1000V Cloud Firewall
Cisco ASA 5500-X Series
Cisco ASA 5500
Cisco Firepower 9300 Security Appliance
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Firepower 4100 Series Next-Generation Firewall
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the web interface of the Cisco Adaptive Security Appliance (ASA) due to a lack of proper input validation of the HTTP URL. A remote attacker can send a specially crafted HTTP request and cause the device to reload unexpectedly, or read the contents of an arbitrary file on the system using directory traversal sequences.


Remediation

Install the update from the vendor's website.
