vSOC SPOT Report: Vulnerability in CISCO ASA SIP (CVE-2018-15454)
Posted by: GuidePoint Security
Overview
This SPOT Report contains information on the latest vulnerability found in the Cisco ASA firewall, Cisco switches, and Cisco routers, as well as the ASA virtual appliances and Cisco Firepower Threat Defense [FTD] security modules. The vulnerability is being actively exploited, and both targeted and opportunistic exploitation are likely to rise rapidly.
Technical Overview
Cisco Systems recently disclosed a vulnerability in its code that allows an unauthenticated remote user to conduct a Denial of Service [DoS] attack against the *Session Initiation Protocol [SIP] inspection engine of the Cisco ASA and Firepower Threat Defense [FTD] software running on the following Cisco IOS versions:
- Cisco ASA version 9.4 and newer
- Cisco FTD version 6.0 and newer
*The Session Initiation Protocol [SIP] inspection engine is enabled by default on all of the affected Cisco products.
Potential Impact
Exploitation can drive an affected device into a high-CPU condition that impedes traffic, resulting in a Denial of Service [DoS].
An unauthenticated remote user can trigger the condition by sending malicious SIP requests that the affected device's SIP inspection engine mishandles.
This vulnerability will affect the following appliances:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv)
What You Should Do
NOTE: Currently, Cisco has not released any updates for this vulnerability and there is no known fix for this issue.
Any traffic that is traversing an affected device should be blocked. It is also recommended to disable the SIP inspection engine feature, or to filter SIP traffic whose sent-by address is 0.0.0.0, on all vulnerable products running the Cisco ASA 9.4 and FTD 6.0 IOS software versions. Additional mitigation options can be found in the Cisco advisory (the second link below).
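The sent-by address of 0.0.0.0 named in the mitigation above is the indicator to look for when reviewing SIP traffic captured on the network or on the appliance. The following checker is an added example, not code from GuidePoint or Cisco; it parses constructed sample SIP messages (the addresses, branch tags and Call-IDs are made up) and reports whether any Via header carries a 0.0.0.0 sent-by host.

```python
import re

# Constructed sample SIP messages (not real captured traffic); 192.0.2.0/24 is documentation space.
SAMPLES = {
    "normal": (
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        "From: <sip:alice@example.com>;tag=1928301774\r\n"
        "To: <sip:bob@example.com>\r\n"
        "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
        "CSeq: 314159 INVITE\r\n\r\n"
    ),
    "suspect": (
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 0.0.0.0;branch=z9hG4bK0000000\r\n"
        "Call-ID: 0@0.0.0.0\r\n"
        "CSeq: 1 INVITE\r\n\r\n"
    ),
    # Compact "v:" headers: an IPv6 sent-by added by a proxy, then the 0.0.0.0 one.
    "proxied": (
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        "v: SIP/2.0/TCP [2001:db8::5]:5060;branch=z9hG4bKproxy1\r\n"
        "v: SIP/2.0/UDP 0.0.0.0;branch=z9hG4bK0000001\r\n"
        "Call-ID: 1@0.0.0.0\r\n\r\n"
    ),
}

VIA_RE = re.compile(r"^(?:via|v)\s*:\s*(.*)$", re.IGNORECASE)
# sent-by is host[:port] after the transport; the host may be a bracketed IPv6 literal.
SENT_BY_RE = re.compile(r"^SIP/2\.0/\S+\s+(\[[^\]]+\]|[^\s;:,]+)")

def via_sent_by_hosts(message: str) -> list:
    """Return the sent-by host from every Via header of a SIP request or response."""
    header_block = message.split("\r\n\r\n", 1)[0]
    hosts = []
    for line in header_block.split("\r\n")[1:]:  # skip the request/status line
        m = VIA_RE.match(line)
        if not m:
            continue
        for value in m.group(1).split(","):  # one Via header may list several values
            sb = SENT_BY_RE.match(value.strip())
            if sb:
                hosts.append(sb.group(1).strip("[]"))
    return hosts

def has_unspecified_sent_by(message: str) -> bool:
    """True when any Via sent-by host is 0.0.0.0, the indicator the mitigation above refers to."""
    return "0.0.0.0" in via_sent_by_hosts(message)
```

Messages flagged this way can be counted per source address in a capture to decide which hosts to block while SIP inspection stays enabled.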
Supporting Information
- https://news.softpedia.com/news/high-impact-dos-vulnerability-found-in-cisco-asa-and-ftd-actively-exploited-523546.shtml
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
GuidePoint Security