Skip Ribbon Commands
Skip to main content
Computer Security Incident Response Team of Mauritius (CERT-MU)
Computer Security Incident Response Team of Mauritius>Attackers Use Zero-Day That Can Restart Cisco Security Appliances

Attackers Use Zero-Day That Can Restart Cisco Security Appliances


Security researchers discovered that attackers have exploited vulnerability in software running on security hardware products from Cisco. The bug could trigger a restart of the affected devices, the equivalent of a denial-of-service (DoS) condition. Cisco discovered the problem while addressing a support case and is aware of active exploitation taking place. The vulnerability, identified as CVE-2018-15454, is present in the Session Initiation Protocol (SIP) inspection engine turned on by default in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. If crashing and rebooting the appliance is not achieved, the effect of the leveraging the vulnerability is high CPU usage, slowing the device down and delaying it from dealing with tasks at hand. According to a security advisory from Cisco, the bug can be exploited remotely and does not require authentication. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device.
Source:
Bleeping Computer
 
Security Tracker
 
Contact Information
 

 

Postal addressostal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis