Cisco Warns About Ongoing Security Exploit

Cisco’s Talos researchers have warned about an increase in exploitation attempts against its Cisco Adaptive Security Appliance (ASA) and Firepower Appliance tied to a vulnerability initially discovered last year. Cisco’s Talos researchers have warned about an increase in exploitation attempts against its Cisco Adaptive Security Appliance (ASA) and Firepower Appliance tied to a vulnerability initially discovered last year. The Cisco security vulnerability, dubbed CVE-2018-0296, is a denial-of-service (DoS) and information disclosure directory traversal bug that is found in the web framework of the Cisco appliances. Nick Biasani, a threat researcher at Cisco Talos, noted in a blog post that the bug can allow an attacker to “use a specially crafted URL to cause the ASA appliance to reboot or disclose unauthenticated information.” The bug was initially spotted by Cisco in June 2018, and given a “critical” rating. Cisco at that time recommended that customers upgrade to a “fixed software release to remediate the issue.” That upgrade is being reinforced as Biasani noted that the company has seen an “increase in frequency in the past several days and weeks.” Cisco also has a Snort signature in place that can detect this specific attack. Snort is an open source network intrusion prevention and detection system developed by Sourcefire. Cisco’s latest update does include a few test measures to see if specific appliances are still vulnerable to the exploit. “This isn’t a new vulnerability, but as exploitation continues to increase, customers need to be aware of the risk of both a denial-of-service or unauthenticated information disclosure,” Biasani wrote. “Additionally, as we head into the holidays, people take time off, but adversaries do not. Customers should validate if they are vulnerable as soon as possible and plan the appropriate patching/mitigations strategies as necessary to minimize both risk and impact to the organization.”