Cisco zero-day exploit affects ASA and FTD software

Cisco has just released a security advisory for a high severity zero-day denial of service (DOS) vulnerability that impacts Cisco’s Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software. 

There were no patches or workarounds yet available, as stated in the initial Cisco advisory.

An excerpt of the threat from the Cisco update

“A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.”

The vulnerability (CVE-2018-15454) is due to improper handling of SIP traffic:

“An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device.” 

According to Cisco, the vulnerability impacts Cisco ASA Software Release 9.4 and later versions, as well as Cisco FTD Software Release 6.0 and later if SIP inspection is enabled and running.

SIP runs by default in all ASA and FTD software packages and subsequently affects a large number of products to include:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv).

Cisco said they will provide mitigation options that address this vulnerability as soon as they become available.

Leave a Reply