Cisco has cautioned clients that a susceptibility repaired last year in its Adaptive Security Appliance (ASA) and Firepower Appliance products continues to be beset by cyberthieves.
Tracked as CVE-2018-0296, the flaw lets a remote, unverified attacker gain access to important information through directory traversal methods. It can also be abused for denial-of-service (DoS) attacks.
The security shortcoming was repaired in early June 2018 and the first DoS attacks were marked only a few weeks later. Many proof-of-concept (PoC) exploits have been made openly available.
Cisco firstly classified the susceptibility as high severity, but lately changed its evaluation to critical after learning of more attacks.
Related Article: CISCO ASA Vulnerability Action in DoS Threats
The company updated its advisory in September 2019 to caution customers of new attack efforts, and Cisco Talos on Friday published a blog post to say that attacks “appeared to increase in frequency in the past several days and weeks.”
“This isn’t a new vulnerability, but as exploitation continues to increase, customers need to be aware of the risk of both a denial-of-service or unauthenticated information disclosure. Additionally, as we head into the holidays, people take time off, but adversaries do not,” Cisco Talos said.
When the first bouts abusing CVE-2018-0296 were spotted, it was highlighted that it’s easy to find susceptible Cisco devices on the web using Shodan and even Google.
Some specialists also believe that CVE-2018-0296 may have been the DoS flaw whose misuse caused disruptions to electrical system operations earlier this year at a power utility in the United States.