The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.
Vulnerable component: Cisco ASA 5500-X Series
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C
CWE-ID: CWE-20 - Improper Input Validation
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of SIP traffic. A remote attacker can send specially crafted SIP packets to the affected device and cause high CPU load that may lead to denial of service conditions.
Note: this vulnerability is being actively exploited in the wild against a limited number of targets.
Latest references in media:
- Cisco Products Affected By A Zero-Day SIP Inspection Vulnerability Exploited In The Wild [2018-11-05 12:41:04]
- Week in review: Bleedingbit, nastiest malware of 2018, Cisco security appliances under attack [2018-11-04 21:11:07]
- Week in review: Bleedingbit, nastiest malware of 2018, Cisco security appliances under attack [2018-11-04 21:00:13]
- Cisco Security Appliance Zero-Day Found Actively Exploited in the Wild [2018-11-02 18:00:13]
- CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks [2018-11-02 13:10:12]
- Cisco security appliances under attack, still no patch available [2018-11-02 11:41:24]
- Cisco security appliances under attack, still no patch available [2018-11-02 11:40:13]
- Attackers Use Zero-Day That Can Restart Cisco Security Appliances [2018-11-02 03:00:20]
- Cisco firewalls under attack – and there's no patch: Too many SIPs and they drown in data [2018-11-02 01:40:01]
- Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition [2018-11-01 13:10:39]
- Cisco Warns of Zero-Day Vulnerability in Security Appliances [2018-11-01 07:30:16]
- Cisco zero-day exploited in the wild to crash and reload devices | ZDNet [2018-11-01 03:50:08]