Cisco security appliances targeted by DoS attacks through an old vulnerability
A critical flaw that was discovered and patched in mid-2018 has been reported to have resurfaced on Cisco Adaptive Security Appliance (ASA) and Firepower devices, enabling attackers to launch DoS attacks.
Cisco has now issued a warning to customers and called for compliance with stated security recommendations to minimize risks from the vulnerability.
The vulnerability is tracked as CVE-2018-0296. A remote, unauthenticated attacker can abuse it to make the device reload repeatedly by sending a crafted HTTP request.
In addition, an attacker could also exploit the vulnerability to gain access to sensitive information on the system without authentication. This can be achieved through path traversal techniques on the affected device.
The flaw was patched last year, but over the past few weeks it has shown signs of a comeback, with the number of reported cases soaring, serious enough that Cisco had to issue a notice. The notice recommends that ASA and Firepower users check, upgrade and update their software to stay safe.
Risk check
Administrators who want to determine whether the devices they manage are affected by CVE-2018-0296 can run the following command:
show asp table socket | include SSL|DTLS
Whether the device is exposed is indicated by the state of the sockets shown in the output. To check the vulnerability status of the device further, use the following command:
show processes | include Unicorn
This process will be running on devices that are at high risk of being affected by the vulnerability.
In that case, to determine the potential risk accurately, the administrator should check whether the software version running on the device is on the list of affected versions that Cisco specifies in its notice.
The reason to check before deciding to update to a newer version is that the flaw is in the web framework of ASA / Firepower products, so not all devices are affected.
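The two checks above can be applied to saved CLI output collected from several devices. The following Python sketch is an added example, not code from Cisco or from the original article; the sample output is constructed, the function names are hypothetical, and treating LISTEN as the socket state of interest is an assumption.

```python
import re

# Constructed sample output (not captured from a real device), laid out like
# the output of the two commands above.
SAMPLE_SOCKETS = """\
SSL       00185038  LISTEN     172.16.0.250:443    0.0.0.0:*
SSL       00188638  LISTEN     10.0.0.250:443      0.0.0.0:*
DTLS      0018f7a8  LISTEN     10.0.0.250:443      0.0.0.0:*
"""
SAMPLE_PROCESSES = """\
Mwe 0x0000557f9f5bafc0 0x00007f62de5a90a8 0x0000557fa52b50a0 3632 0x00007f62c8c87030 30704/32768 Unicorn Proxy Thread 218
"""

# protocol, handle, state, local address, foreign address
SOCKET_ROW = re.compile(r"^(SSL|DTLS)\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s*$")


def listening_sockets(socket_output):
    """Return (protocol, local_address) for each SSL/DTLS socket in LISTEN state."""
    found = []
    for line in socket_output.splitlines():
        m = SOCKET_ROW.match(line.strip())
        # Assumption: only LISTEN sockets indicate an exposed service.
        if m and m.group(2).upper() == "LISTEN":
            found.append((m.group(1), m.group(3)))
    return found


def triage(socket_output, process_output):
    """Combine both checks into one verdict for a single device."""
    sockets = listening_sockets(socket_output)
    # Ignore an echoed command line such as "show processes | include Unicorn".
    unicorn = any("Unicorn" in line and "include" not in line
                  for line in process_output.splitlines())
    if sockets and unicorn:
        verdict = "high risk: compare software version with Cisco's affected list"
    elif sockets:
        verdict = "SSL/DTLS listeners but no Unicorn process: verify manually"
    else:
        verdict = "no SSL/DTLS listeners found in this output"
    return {"sockets": sockets, "unicorn": unicorn, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_SOCKETS, SAMPLE_PROCESSES)
    for proto, addr in result["sockets"]:
        print(f"{proto} listening on {addr}")
    print(result["verdict"])
```

A "high risk" verdict only narrows the list of devices; the software version still has to be compared with the affected versions in Cisco's notice.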