Details of VAR-201806-1026

ID

VAR-201806-1026

CVE

CVE-2018-0296

TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006154

DESCRIPTION

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. Vendors have confirmed this vulnerability Bug ID CSCvi16029 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ASASoftware and FirepowerThreatDefense (FTD) Software are operating systems that run on different devices

Trust: 2.34

sources: NVD: CVE-2018-0296 // JVNDB: JVNDB-2018-006154 // CNVD: CNVD-2018-11320 // VULHUB: VHN-118498 // VULMON: CVE-2018-0296

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-11320

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3	Trust: 1.6
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3-85.02	Trust: 1.6
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3-851	Trust: 1.6
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.2.28	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.4.4.18	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1\(2.5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.2.4.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1.7.29	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.7.1.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x	Trust: 0.6
vendor:	cisco	model:	adaptive security virtual appliance	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	asa cloud firewall	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	firepower series security appliances	scope:	eq	version:	4100	Trust: 0.6
vendor:	cisco	model:	series industrial security appliance	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	firepower series security appliance	scope:	eq	version:	2100	Trust: 0.6
vendor:	cisco	model:	ftd virtual	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	asa services module for cisco catalyst series switches and cisco series routers	scope:	eq	version:	65007600	Trust: 0.6
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2	Trust: 0.6
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.1	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9\(1\)	Trust: 0.6
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.0.0	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3(8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(3.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.12)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3.9)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(2.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6(2.10)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.27	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(0.104)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(1.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.13.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(7)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1(11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.13)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.4(6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.515	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.21)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(1.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(2.10)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.32)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.3.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(1.8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(1.50)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(4.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.20	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.45	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(1.7)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.13)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.10)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.42)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.9	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1.0.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(2.8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.39)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1.0.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(0.0)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7.17	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.7.1.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.34	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.3(1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(7.16)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(3.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(3.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.12.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6.4.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(7.13)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.38)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(3.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.2.4.33	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.4.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.2.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.9.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3.11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.20	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.(3.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.4(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(2)8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.7)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0.1.4	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(4.3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(6.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(6.2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.(0.115)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.3.9	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.12.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.5)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(1.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(6.9)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.3.20	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(2.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.26	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.3.17	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3.8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.5	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6(1.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7(0.99)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.11	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3(10)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(1.105)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(7.7)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7(19)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(3.2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.4.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.6)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.0.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.29	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4(40)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(1.1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(2.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.512	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.8)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.4.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(4.8)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(2.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7(9)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.33)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.13.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.14.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1.3.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(2.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.11.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(7.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4.4.18	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.1)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3.7)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(2.243)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.14.17	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.106)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6(2.99)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(2.2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(1.2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4(4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.510	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.2.2.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.21	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7.20	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.29)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.8.2.28	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(2)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(2.4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(2.100)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.1.7.29	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.21	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7(1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(2.6)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.7(16)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.3.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.17	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4(14)	Trust: 0.3

sources: CNVD: CNVD-2018-11320 // BID: 104612 // JVNDB: JVNDB-2018-006154 // CNNVD: CNNVD-201806-401 // NVD: CVE-2018-0296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0296
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0296
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-11320
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-401
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118498
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-0296
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0296
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-11320
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118498
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0296
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0296
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-11320 // VULHUB: VHN-118498 // VULMON: CVE-2018-0296 // JVNDB: JVNDB-2018-006154 // CNNVD: CNNVD-201806-401 // NVD: CVE-2018-0296

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-22	Trust: 1.1

sources: VULHUB: VHN-118498 // JVNDB: JVNDB-2018-006154 // NVD: CVE-2018-0296

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-401

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201806-401

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006154

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-118498 // VULMON: CVE-2018-0296

PATCH

title:	cisco-sa-20180606-asaftd	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd	Trust: 0.8
title:	Several Cisco products ASASoftware and FirepowerThreatDefenseSoftware enter patches for verification vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/131753	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180606-asaftd	Trust: 0.1
title:	CVE-2018-0296	url:	https://github.com/qiantu88/CVE-2018-0296	Trust: 0.1
title:	CVE-2018-0296	url:	https://github.com/milo2012/CVE-2018-0296	Trust: 0.1
title:	CVE-2018-0296	url:	https://github.com/yassineaboukir/CVE-2018-0296	Trust: 0.1
title:	CVE-2018-0296	url:	https://github.com/irbishop/CVE-2018-0296	Trust: 0.1
title:	CVE-2018-0296	url:	https://github.com/bhenner1/CVE-2018-0296	Trust: 0.1
title:	CiscoIOSSNMPToolkit	url:	https://github.com/GarnetSunset/CiscoIOSSNMPToolkit	Trust: 0.1
title:	common-lists	url:	https://github.com/tomikoski/common-lists	Trust: 0.1
title:	-	url:	https://github.com/iveresk/cve-2020-3452	Trust: 0.1
title:	CVE-2020-3452-Exploit	url:	https://github.com/3ndG4me/CVE-2020-3452-Exploit	Trust: 0.1
title:	KB	url:	https://github.com/rudinyu/KB	Trust: 0.1
title:	RedTeam	url:	https://github.com/slimdaddy/RedTeam	Trust: 0.1

sources: CNVD: CNVD-2018-11320 // VULMON: CVE-2018-0296 // JVNDB: JVNDB-2018-006154

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0296	Trust: 3.5
db:	ICS CERT	id:	ICSA-18-184-01	Trust: 2.8
db:	EXPLOIT-DB	id:	44956	Trust: 2.6
db:	BID	id:	104612	Trust: 2.0
db:	PACKETSTORM	id:	154017	Trust: 1.7
db:	SECTRACK	id:	1041076	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006154	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-401	Trust: 0.7
db:	EXPLOITDB	id:	44956	Trust: 0.6
db:	CNVD	id:	CNVD-2018-11320	Trust: 0.6
db:	EXPLOIT-DB	id:	47220	Trust: 0.6
db:	PACKETSTORM	id:	148365	Trust: 0.1
db:	PACKETSTORM	id:	148658	Trust: 0.1
db:	SEEBUG	id:	SSVID-97368	Trust: 0.1
db:	VULHUB	id:	VHN-118498	Trust: 0.1
db:	VULMON	id:	CVE-2018-0296	Trust: 0.1

sources: CNVD: CNVD-2018-11320 // VULHUB: VHN-118498 // VULMON: CVE-2018-0296 // BID: 104612 // JVNDB: JVNDB-2018-006154 // CNNVD: CNNVD-201806-401 // NVD: CVE-2018-0296

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-asaftd	Trust: 3.2
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-184-01	Trust: 2.8
url:	https://www.exploit-db.com/exploits/44956/	Trust: 2.6
url:	http://packetstormsecurity.com/files/154017/cisco-adaptive-security-appliance-path-traversal.html	Trust: 2.3
url:	http://www.securityfocus.com/bid/104612	Trust: 1.7
url:	http://www.securitytracker.com/id/1041076	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0296	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0296	Trust: 0.8
url:	https://www.exploit-db.com/exploits/47220	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-http-url-28680	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://github.com/yassineaboukir/cve-2018-0296	Trust: 0.3

sources: CNVD: CNVD-2018-11320 // VULHUB: VHN-118498 // BID: 104612 // JVNDB: JVNDB-2018-006154 // CNNVD: CNNVD-201806-401 // NVD: CVE-2018-0296

CREDITS

security researcher Michal Bentkowski from Securitum .,Angelo Ruwantha

Trust: 0.6

sources: CNNVD: CNNVD-201806-401

SOURCES

db:	CNVD	id:	CNVD-2018-11320
db:	VULHUB	id:	VHN-118498
db:	VULMON	id:	CVE-2018-0296
db:	BID	id:	104612
db:	JVNDB	id:	JVNDB-2018-006154
db:	CNNVD	id:	CNNVD-201806-401
db:	NVD	id:	CVE-2018-0296

LAST UPDATE DATE

2024-08-14T14:33:09.045000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11320	date:	2018-09-06T00:00:00
db:	VULHUB	id:	VHN-118498	date:	2020-09-04T00:00:00
db:	VULMON	id:	CVE-2018-0296	date:	2023-08-15T00:00:00
db:	BID	id:	104612	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006154	date:	2018-08-09T00:00:00
db:	CNNVD	id:	CNNVD-201806-401	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0296	date:	2023-08-15T15:21:44.127

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-11320	date:	2018-06-12T00:00:00
db:	VULHUB	id:	VHN-118498	date:	2018-06-07T00:00:00
db:	VULMON	id:	CVE-2018-0296	date:	2018-06-07T00:00:00
db:	BID	id:	104612	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006154	date:	2018-08-09T00:00:00
db:	CNNVD	id:	CNNVD-201806-401	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0296	date:	2018-06-07T12:29:00.403