1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Denial of Service Capability Group

Known Exploited Vulnerabilities Denial of Service Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2018-0296 Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability exploitation_technique T1202 Indirect Command Execution
Comments
CVE-2018-0296 is a critical vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to perform directory traversal attacks and access sensitive system information.
References
  1. https://www.bleepingcomputer.com/news/security/sea-turtle-campaign-focuses-on-dns-hijacking-to-compromise-targets/
  2. https://research.securitum.com/description-of-cve-2018-0296-error-bypassing-authorization-in-cisco-asa-web-interface/
CVE-2018-0296 Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability primary_impact T1005 Data from Local System
Comments
CVE-2018-0296 is a critical vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to perform directory traversal attacks and access sensitive system information.
References
  1. https://www.bleepingcomputer.com/news/security/sea-turtle-campaign-focuses-on-dns-hijacking-to-compromise-targets/
  2. https://research.securitum.com/description-of-cve-2018-0296-error-bypassing-authorization-in-cisco-asa-web-interface/
CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability secondary_impact T1608.001 Upload Malware
Comments
This vulnerability is exploited by a remote, unauthenticated attacker by sending a crafted HTTP request to a vulnerable device's web server. This exploitation is possible due to incomplete error checking when parsing HTTP headers. If successfully exploited, it can cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is associated with an attack campaign named ArcaneDoor in early 2024. This campaign targeted this vulnerability among others to implant malware, execute commands, and potentially exfiltrate data from compromised devices.
References
  1. https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
  2. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability primary_impact T1653 Power Settings
Comments
This vulnerability is exploited by a remote, unauthenticated attacker by sending a crafted HTTP request to a vulnerable device's web server. This exploitation is possible due to incomplete error checking when parsing HTTP headers. If successfully exploited, it can cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is associated with an attack campaign named ArcaneDoor in early 2024. This campaign targeted this vulnerability among others to implant malware, execute commands, and potentially exfiltrate data from compromised devices.
References
  1. https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
  2. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited by a remote, unauthenticated attacker by sending a crafted HTTP request to a vulnerable device's web server. This exploitation is possible due to incomplete error checking when parsing HTTP headers. If successfully exploited, it can cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. In early 2024, the Cisco Product Security Incident Response Team (PSIRT) identified an attack campaign named ArcaneDoor, which targeted these vulnerabilities to implant malware, execute commands, and potentially exfiltrate data from compromised devices.
References
  1. https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
  2. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
CVE-2022-0028 Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability primary_impact T1498 Network Denial of Service
Comments
CVE-2022-0028 is a reflected amplification Distributed-Denial-of-Service (DDoS) vulnerability with Palo Alto's PAN-OS firewall software. Public reports have announced the attempted exploit of this vulnerability to produce DDOS attack.
References
  1. https://therecord.media/palo-alto-warns-of-firewall-vulnerability-used-in-ddos-attack-on-service-provider
  2. https://security.paloaltonetworks.com/CVE-2022-0028
CVE-2022-0028 Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2022-0028 is a reflected amplification Distributed-Denial-of-Service (DDoS) vulnerability with Palo Alto's PAN-OS firewall software. Public reports have announced the attempted exploit of this vulnerability to produce DDOS attack.
References
  1. https://therecord.media/palo-alto-warns-of-firewall-vulnerability-used-in-ddos-attack-on-service-provider
  2. https://security.paloaltonetworks.com/CVE-2022-0028

Capabilities

Capability ID Capability Name Number of Mappings
CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability 3
CVE-2018-0296 Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability 2
CVE-2022-0028 Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability 2