Cisco has released a security advisory to address a vulnerability in Cisco Adaptive Security Appliance (ASA) software with the web management interface enabled. An authenticated but unprivileged remote attacker could exploit the vulnerability by sending a specially crafted HTTP request via HTTPS to an affected system.
Successful exploitation of the vulnerability could lead to information disclosure and data tampering.
Software updates for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. For details of the available patches, please refer to the "Fixed Software" section of the corresponding security advisory on the vendor's website.
Users should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc
https://www.us-cert.gov/ncas/current-activity/2018/12/19/Cisco-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15465