A vulnerability (CVE-2018-15454) affecting a slew Cisco security appliances, modules and firewalls is being exploited in the wild to crash and reload the devices, the company has warned on Thursday.
About CVE-2018-15454
The vulnerability is in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software, and allows unauthenticated, remote attackers to cause an affected device to reload or trigger high CPU, resulting in a DoS condition.
“The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device,” Cisco explained.
The list of affected products is considerable:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv).
These devices are vulnerable if they run Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and if they have SIP enabled (it’s enabled in the default configuration).
