Last summer, a vulnerability tracked as CVE-2018-0296 was discovered and fixed. It affects the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products and was already being exploited by hackers at that time. The bug allowed an unauthenticated attacker to view various sensitive information using a directory traversal technique. A side effect of exploiting the vulnerability, however, was the ability to provoke a denial of service (DoS) on the vulnerable device simply by sending a special HTTP request to the victim.
Almost simultaneously with the disclosure of the vulnerability, publicly available PoC exploits for it appeared online, so experts warned that attacks were not far off, which is exactly what happened.
Now Cisco Talos experts warn that since September 2019 they have been observing a new wave of attacks using CVE-2018-0296, and in recent weeks the attacks have become even more active. That is, the number of vulnerable devices is still considerable.
“This is not a new vulnerability, but as it is being exploited more and more actively, customers should be aware of the risks associated with DoS attacks and information disclosure. In addition, although holidays are approaching and people are taking weekends, attackers do not rest,” analysts write.