Cisco security experts have noticed a sudden spike in vulnerability exploits against Cisco Adaptive Security Appliance (ASA) and Firepower Appliance.
Cisco’s Talos security group spotted the recent spike in malicious activity against Cisco’s ASA and Firepower Appliance. The denial-of-service and information disclosure directory traversal vulnerability CVE-2018-0296 was discovered in the web framework of the appliances. The issue was also fixed last year.
“This vulnerability was first noticed being exploited publicly back in June 2018, but it appeared to increase in frequency in the past several days and weeks. As such, we are advising all customers to ensure they are running a non-affected version of code. ,” Cisco warned in the blog post.
Cisco has also provided instructions for administrators on how to confirm whether their devices are impacted by the bug.
For example, by running the command below, you can determine whether the device has any listening sockets and thus vulnerable to the bug.
show asp table socket | include SSL|DTLS
In the next step, you can run the following command to determine whether the vulnerable process is running and thus the likelihood of a vulnerability is higher.
show processes | include Unicorn
Cisco urges organizations to be diligent in updating their devices to the latest software versions.