CVE-2018-0296: Cisco ASA/FTD DoS & Info Leak Exploit

In the critical infrastructure of modern networks, Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) are ubiquitous guardians. Their robust design is intended to provide a hardened perimeter. However, CVE-2018-0296 highlights a significant vulnerability within their web management interfaces that can undermine this security, leading to potential denial-of-service conditions or even unauthenticated access to sensitive system information. This deep dive dissects the technical intricacies of this flaw, offering insights crucial for defenders and offensive security professionals alike.

Executive Technical Summary

CVE-2018-0296 is a critical vulnerability affecting Cisco ASA and FTD devices with exposed web management interfaces. It stems from insufficient sanitization of HTTP URL inputs, allowing unauthenticated remote attackers to trigger a device reload (Denial of Service) or, in some configurations, exploit path traversal to access sensitive files without authentication. This vulnerability impacts both IPv4 and IPv6 traffic across a broad range of Cisco hardware and virtual appliances.

Technical Deep Dive: Root Cause and Exploitation Mechanics

CVE Identifier: CVE-2018-0296
CVSS v3.1 Score: 7.5 (High)
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Classification: CWE-20 (Improper Input Validation), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal)

The heart of CVE-2018-0296 lies in a classic Improper Input Validation flaw within the web server component of Cisco ASA and FTD devices. Specifically, the application fails to adequately sanitize or canonicalize user-supplied URI paths. This oversight creates an exploitable condition where an attacker can craft a malicious HTTP request containing path traversal sequences (e.g., ../ or ..\) to navigate outside the intended web root directory.

Root Cause Analysis:

The web server, when processing incoming HTTP requests, is expected to resolve the requested resource based on the provided URL. In vulnerable versions, the logic responsible for this resolution does not sufficiently validate the input. It treats sequences like ../ as instructions to move up one directory level in the file system hierarchy, rather than treating them as literal characters within a filename. This allows an attacker to craft a URL that effectively "walks" the file system tree.

Memory Behavior and Faulty Logic:

While not a direct memory corruption vulnerability, the faulty logic in handling these traversal sequences can lead to unexpected behavior. When the server attempts to access a file path that has been manipulated to point outside its designated web root, it can trigger an unhandled exception or an internal error. The specific outcome often depends on the internal error handling routines of the ASA/FTD software. If these routines are not robust enough to gracefully manage such out-of-bounds file access attempts, the system can enter an unstable state, leading to a crash and a subsequent ungraceful reload. This is a trust boundary violation, where the web interface trusts user-provided path information without sufficient validation.

Affected Products and Versions

This vulnerability impacts a wide array of Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software deployments. The following versions are confirmed to be affected. Please refer to Cisco's official advisory for the most granular details.

Cisco ASA Software:
- 9.1.7.29 and prior (9.1 release train)
- 9.2.4.33 and prior (9.2 release train)
- 9.4.4.18 and prior (9.3 release train)
- 9.6.4.8 and prior (9.5 release train)
- 9.7.1.24 and prior (9.7 release train)
- 9.8.2.28 and prior (9.8 release train)
- 9.9.2.1 and prior (9.9 release train)
Cisco Firepower Threat Defense (FTD) Software:
- 6.1.0 and prior (6.0 release train)
- 6.2.2.3 and prior (6.2.1 release train)
- Specific versions: 6.2.3, 6.2.3-85.02, 6.2.3-851, 6.2.3.1
Affected Hardware and Virtual Appliances:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 1000V Cloud Firewall
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv)
Cisco Bug ID: CSCvi16029

Real-World Exploitation Scenarios & Attack Path

Attackers targeting CVE-2018-0296 would typically initiate their campaign with reconnaissance to identify potentially vulnerable Cisco ASA or FTD devices. The primary attack vector is the device's web management interface, which is often exposed to the internet or accessible from less-secured internal network segments.

Realistic Attack Path:

Discovery and Fingerprinting: Attackers scan IP ranges for open ports, specifically targeting HTTP/HTTPS services. They might attempt to fingerprint the device by observing HTTP response headers, specific page structures, or by using vulnerability scanners that identify known Cisco ASA/FTD web interface patterns.

Exploitation (DoS): The attacker crafts a malicious HTTP GET request. The core of the exploit involves injecting a carefully constructed path traversal sequence within the URL. The objective is to force the web server to attempt an invalid file read or access operation that triggers an internal error.

Conceptual Exploit Request Snippet (Illustrative - Actual exploitation may vary):

GET /+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE

CVE-2018-0296: Cisco ASA/FTD DoS & Info Leak Exploit

Executive Technical Summary

Technical Deep Dive: Root Cause and Exploitation Mechanics

CVE Identifier: CVE-2018-0296

CVSS v3.1 Score: 7.5 (High)

CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Classification: CWE-20 (Improper Input Validation), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal)

Root Cause Analysis:

Memory Behavior and Faulty Logic:

Affected Products and Versions

Cisco ASA Software:

9.1.7.29 and prior (9.1 release train)
9.2.4.33 and prior (9.2 release train)
9.4.4.18 and prior (9.3 release train)
9.6.4.8 and prior (9.5 release train)
9.7.1.24 and prior (9.7 release train)
9.8.2.28 and prior (9.8 release train)
9.9.2.1 and prior (9.9 release train)

Cisco Firepower Threat Defense (FTD) Software:

6.1.0 and prior (6.0 release train)
6.2.2.3 and prior (6.2.1 release train)
Specific versions: 6.2.3, 6.2.3-85.02, 6.2.3-851, 6.2.3.1

Affected Hardware and Virtual Appliances:

3000 Series Industrial Security Appliance (ISA)
ASA 1000V Cloud Firewall
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4100 Series Security Appliance
Firepower 9300 ASA Security Module
FTD Virtual (FTDv)

Cisco Bug ID: CSCvi16029

Real-World Exploitation Scenarios & Attack Path

Realistic Attack Path:

Discovery and Fingerprinting: Attackers scan IP ranges for open ports, specifically targeting HTTP/HTTPS services. They might attempt to fingerprint the device by observing HTTP response headers, specific page structures, or by using vulnerability scanners that identify known Cisco ASA/FTD web interface patterns.

Conceptual Exploit Request Snippet (Illustrative - Actual exploitation may vary):

GET /+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE+/../+CSCOE