BDU:2018-01453

BDU

CriticalConfirmedExploit available

Уязвимость веб-интерфейса микропрограммного обеспечения аппаратных межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Configure F…

CVSS

9.3

Critical

EPSS

0.00

Published

2018-01-01

Updated

2018-01-01

Description

Уязвимость веб-интерфейса микропрограммного обеспечения аппаратных межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Configure Firepower Threat Defense (FTD) связана с недостаточной проверкой HTTP-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или раскрыть защищаемую информацию

Tags · CWE

Pre-auth

Affected products

Cisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Configure firepower threat defenseCisco systems inc. Configure firepower threat defenseCisco systems inc. Configure firepower threat defense

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: C

Changed (C)

Confidentiality Impact

C: L

Low (L)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

BDU:2018-01453

bdu_exploit · https://bdu.fstec.ru/vul

Enterprise

44956

exploitdb · https://www.exploit-db.com/exploits/44956

Enterprise

47220

exploitdb · https://www.exploit-db.com/exploits/47220

Enterprise

CVE-2018-0296

github-poc · https://github.com/qiantu88/CVE-2018-0296

Enterprise

Affected software

Product	Vendor	Status
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
adaptive security appliance	cisco systems inc.	Tracked
configure firepower threat defense	cisco systems inc.	Tracked
configure firepower threat defense	cisco systems inc.	Tracked
configure firepower threat defense	cisco systems inc.	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2018-0296

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0296@http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180606-asaftd.html@https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd@https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv@https://www.exploit-db.com/exploits/44956/