Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-0296

Published: 07/06/2018 Updated: 15/08/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 513
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Adaptive Security Appliance Software

Vulnerability Summary

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote malicious user to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the malicious user to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco adaptive security appliance software 8.1\\(2.5\\)

cisco adaptive security appliance software

cisco firepower threat defense 6.2.3

cisco firepower threat defense

cisco firepower threat defense 6.2.3.1

cisco firepower threat defense 6.2.3-851

cisco firepower threat defense 6.2.3-85.02

Vendor Advisories

Cisco: Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive ...

Exploits

Exploit DB: Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
require 'msf/core' class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' => "Cisco Adaptive Security Appliance - Path Traversal", 'Description' => %q{ Cisco Adaptive Security Appliance - Pat ...
Exploit DB: Cisco Adaptive Security Appliance - Path Traversal
''' Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296) A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques Vulnerable Products This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Sof ...
Exploit DB: Cisco Adaptive Security Appliance Path Traversal
This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques ...
Exploit DB: Cisco Adaptive Security Appliance Path Traversal
Cisco Adaptive Security Appliance suffers from a path traversal vulnerability ...
Exploit DB: Cisco Adaptive Security Appliance Path Traversal
This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques ...

Github Repositories

https://github.com/bhenner1/CVE-2018-0296

Cisco ASA - CVE-2018-0296 | Exploit

Exploit-CVE-2018-0296 Python exploit for the recent Cisco ASA Path Traversal VulnerabilityThis exploit will try to return the files from the index Usage $ git clone githubcom/bhenner1/CVE-2018-0296git $ cd CVE-2018-0296 $ python CVE-2018-0296py $ Vulnerable URL/IP - <IP>

https://github.com/milo2012/CVE-2018-0296

Test CVE-2018-0296 and extract usernames

CVE-2018-0296 Test CVE-2018-0296 and extract usernames from Cisco ASA Refer to sekurakpl/opis-bledu-cve-2018-0296-ominiecie-uwierzytelnienia-w-webinterfejsie-cisco-asa/ for more technical details #Help Menu $ /CVE-2018-0296 -h Options: -h, --help display help information -u, --url Url of target device -i IP of Socks Proxy -p Port o

https://github.com/3ndG4me/CVE-2020-3452-Scanner

Just basic scanner abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of the CISCO ASA applicances.

CVE-2020-3452-Exploit Just basic exploit abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of CISCO ASA/FTD applicances Usage: By default this uses a file list constructed from sample output from CVE-2018-0296 in the Metasploit Framework (githubcom/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/

https://github.com/tomikoski/common-lists

Misc stuff from internet

Links An attempt to sort stuff in different categories Browsers / Browser extensions githubcom/fransr/postMessage-tracker Bugbounty githubcom/EdOverflow/bugbounty-cheatsheet githubcom/arkadiyt/bounty-targets-data githubcom/ngalongc/bug-bounty-reference githubcom/streaak/keyhacks githubcom/nahamsec/lazys3 Burp gi

https://github.com/iveresk/cve-2020-3452

Just proof of concept for Cisco CVE-2020-3452. Using external or internal file base.

CVE-2020-3452-Exploit For Educational Purpose ONLY! Just basic exploit abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of CISCO ASA/FTD applicances Usage: By default this uses a file list constructed from sample output from CVE-2018-0296 in the Metasploit Framework (githubcom/rapid7/metasploit-framework/blob/master/documentation/m

https://github.com/3ndG4me/CVE-2020-3452-Exploit

Just basic scanner abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of the CISCO ASA applicances.

CVE-2020-3452-Exploit Just basic exploit abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of CISCO ASA/FTD applicances Usage: By default this uses a file list constructed from sample output from CVE-2018-0296 in the Metasploit Framework (githubcom/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/

https://github.com/GarnetSunset/CiscoIOSSNMPToolkit

Cisco iOS SNMP Overflow Exploit Toolkit (CVE-2017-6736)

CiscoIOSSNMPToolkit Cisco iOS SNMP Overflow Exploit Toolkit (CVE-2017-6736) CVE-2018-0296? I have recently submodded CVE-2018-0296, which can be used in junction with this original exploit, can be used to do reconnaissance and see what is contained in the appliance beforehand

https://github.com/yassineaboukir/CVE-2018-0296

Script to test for Cisco ASA path traversal vulnerability (CVE-2018-0296) and extract system information.

Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 Author: Yassine Aboukir A security vulnerability identified in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal

https://github.com/qiantu88/CVE-2018-0296

https://github.com/milo2012/CVE-2018-0296.git

CVE-2018-0296 Test CVE-2018-0296 and extract usernames from Cisco ASA Refer to sekurakpl/opis-bledu-cve-2018-0296-ominiecie-uwierzytelnienia-w-webinterfejsie-cisco-asa/ for more technical details #Help Menu $ /CVE-2018-0296 -h Options: -h, --help display help information -u, --url Url of target device -i IP of Socks Proxy -p Port o

https://github.com/moli1369/cisco-user

CVE-2018-0296 Test CVE-2018-0296 and extract usernames from Cisco ASA Refer to sekurakpl/opis-bledu-cve-2018-0296-ominiecie-uwierzytelnienia-w-webinterfejsie-cisco-asa/ for more technical details #Help Menu $ /CVE-2018-0296 -h Options: -h, --help display help information -u, --url Url of target device -i IP of Socks Proxy -p Port o

https://github.com/rudinyu/KB

DGA cyberwtf/2017/08/30/dga-classification-and-detection-for-automated-malware-analysis/ githubcom/philarkwright/DGA-Detection githubcom/exp0se/dga_detector githubcom/jayjacobs/dga-tutorial githubcom/pchaigno/dga-collection githubcom/endgameinc/dga_predict githubcom/exctzo/dga_prediction_model **docs

Recent Articles

Black-hat sextortionists required: Competitive salary and dental plan
The Register • Gareth Corfield • 21 Feb 2019

Cybercrims aren't just raking it in – they're dishing it out too Hacker cyber-gang: Give us cyber-cash for cyber-cache of 18,000 stolen Sept 11th insurance docs

Extortionists are promising salaries of more than a quarter of a million pounds to skilled infosec folk willing to put on a black hat, according to research outfit Digital Shadows. Those salaries are on offer to people willing to blackmail and extort money out of "high net worth individuals" – and at the upper end of the scale have even reportedly topped £840,000. A group of mischief-makers calling themselves "thedarkoverlord" would post job advertisements "with specifications and salaries th...

Read more...

References

CWE-22https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftdhttp://www.securitytracker.com/id/1041076https://www.exploit-db.com/exploits/44956/https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01http://www.securityfocus.com/bid/104612http://packetstormsecurity.com/files/154017/Cisco-Adaptive-Security-Appliance-Path-Traversal.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/47220https://github.com/bhenner1/CVE-2018-0296https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook