Threat Encyclopedia

Cisco.ASA.HTTP.URL.Directory.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal vulnerability in Cisco Adaptive Security Appliance.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted HTTP request. A remote attacker can exploit this to cause a denial of service condition, or possibly gain unauthorized access to sensitive information.

affected-products-logoAffected Products

3000 Series Industrial Security Appliance (ISA)
ASA 1000V Cloud Firewall
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4100 Series Security Appliance
Firepower 9300 ASA Security Module
FTD Virtual (FTDv)

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

CVE References

CVE-2018-0296

Other References

44956