LTS Secure Warning: Cisco ASA Flaw Exploited in DoS Attacks

In a recent development Cisco Adaptive Security Appliance (ASA) web interface allowing hackers to attack remotely, and cause an affected device to reload unexpectedly, causing in denial of service (DoS) condition.

Also, attackers found a way to stop ASA reload of certain software releases that could view the sensitive system information using directory traversal techniques.

Technical Details

The flaw was reported by researcher Michal Bentkowski, who discovered that a remote and unauthenticated attacker could gain access to sensitive system information through directory traversal techniques. Cisco’s own analysis of the bug revealed that it can also be exploited to cause impacted devices to reload and enter a DoS condition.

According to Cisco, the vulnerability exists due to the lack of proper input validation of the HTTP URL. An attacker can exploit the security hole by sending specially crafted HTTP requests to the targeted device. The list of impacted devices includes 3000 series Industrial Security Appliances, ASA firewalls, and Firepower products.

Cisco has updated its advisory last week to warn users that the vulnerability has been exploited to cause a DoS condition. The company noted that it has not seen any attacks attempting to leverage the flaw to obtain sensitive information.

Impact

This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products:

3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module.

Recommended Actions

Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue.

To know more about Cisco ASA Flaw, click on the link.