A critical flaw that was discovered and patched in mid-2018 has been reported to be resurfacing on Cisco Adaptive Security Appliance (ASA) and Firepower devices, enabling attackers to mount denial-of-service (DoS) attacks.
Cisco has now issued a warning to customers and urged them to follow its stated security recommendations to minimize the risk from the vulnerability.
The vulnerability is tracked as CVE-2018-0296. It can be abused by remote, unauthenticated attackers who send a crafted HTTP request, causing the device to reload repeatedly.
In addition, an attacker could exploit the vulnerability to gain access to sensitive information on the system without authentication, using path traversal against the affected device.
The flaw was patched last year, but over the past few weeks it has shown signs of coming back, with the number of reported cases rising sharply, serious enough that Cisco issued an advisory recommending that ASA and Firepower users check their devices and update their software.
Administrators who want to determine whether the devices they manage are affected by CVE-2018-0296 can run the following command:
show asp table socket | include SSL|DTLS
Whether the device is exposed is indicated by the state of the listed sockets. To further confirm the device's exposure, use the following command:
show processes | include Unicorn
If this process is running, the device is at high risk of being affected by the vulnerability.
In either case, to accurately assess the risk, an administrator should check whether the software version running on the device appears on the list of affected versions that Cisco provides in its advisory.
This check is worth doing before deciding to update to a newer release, because the flaw lies in the web framework of the ASA / Firepower products, so not every device is affected.
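The two CLI checks above and the version comparison can be folded into one triage step when an administrator has saved the command output from many devices. The following Python script is an added example, not Cisco's code and not part of the original article. The sample command output it parses is constructed for illustration (not captured from a real device), the column layout of `show asp table socket` is assumed, and the affected-version set is a labelled placeholder that must be populated from Cisco's advisory.

```python
import re

# Constructed sample output for: show asp table socket | include SSL|DTLS
# (format assumed: Protocol, Socket, State, Local Address, Foreign Address)
SAMPLE_SOCKETS_EXPOSED = (
    "SSL       00019b8f  LISTEN     192.0.2.1:443                0.0.0.0:*\n"
    "DTLS      0001a2b9  LISTEN     192.0.2.1:443                0.0.0.0:*\n"
)
SAMPLE_SOCKETS_CLEAN = ""  # the filter returned no SSL/DTLS sockets

# Constructed sample output for: show processes | include Unicorn
SAMPLE_PROCS_EXPOSED = (
    "Mwe 0x000055d2a1b3c4d5 0x00007f3e2c0012a0 ... Unicorn Proxy Thread\n"
)
SAMPLE_PROCS_CLEAN = ""

# Placeholder: replace with the affected releases listed in Cisco's advisory.
AFFECTED_VERSIONS_PLACEHOLDER = {"PLACEHOLDER-9.x(y)"}

# An SSL or DTLS socket in LISTEN state means the web framework is reachable.
LISTEN_RE = re.compile(r"^(SSL|DTLS)\s+\S+\s+LISTEN\b", re.MULTILINE)
UNICORN_RE = re.compile(r"\bUnicorn\b")


def web_listener_present(asp_socket_output: str) -> bool:
    """True when the ASP socket table shows an SSL/DTLS listening socket."""
    return LISTEN_RE.search(asp_socket_output) is not None


def unicorn_running(processes_output: str) -> bool:
    """True when the Unicorn web process appears in the process list."""
    return UNICORN_RE.search(processes_output) is not None


def triage(asp_socket_output: str, processes_output: str,
           running_version: str, affected_versions: set) -> str:
    """Combine the three checks from the article into a single verdict.

    NOT_AFFECTED          - running release is not on the affected list
    EXPOSED               - affected release and the web framework is active
    UPGRADE_NO_LISTENER   - affected release, but no web listener/process seen;
                            still upgrade, since enabling the web server would
                            make the device reachable
    """
    if running_version.strip() not in affected_versions:
        return "NOT_AFFECTED"
    if web_listener_present(asp_socket_output) or unicorn_running(processes_output):
        return "EXPOSED"
    return "UPGRADE_NO_LISTENER"


if __name__ == "__main__":
    verdict = triage(SAMPLE_SOCKETS_EXPOSED, SAMPLE_PROCS_EXPOSED,
                     "PLACEHOLDER-9.x(y)", AFFECTED_VERSIONS_PLACEHOLDER)
    print("constructed exposed device ->", verdict)
```

Feed the script the saved output of the two commands and the version string from `show version`; a device whose release is on Cisco's list and that shows either an SSL/DTLS listener or the Unicorn process should be prioritized for the update.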