Zero-day vulnerability in Cisco ASA 5500-X Series

Input validation error

Not patched

The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.

Vulnerability details

Advisory: SB2018110101 - Denial of service when processing SIP packets in Cisco ASA and Cisco Firepower Threat Defense

Vulnerable component: Cisco ASA 5500-X Series

CVE-ID: CVE-2018-15454

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

CWE-ID: CWE-20 - Improper Input Validation


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of SIP traffic. A remote attacker can send specially crafted SIP packets to the affected device, cause high CPU load that may lead to denial of service conditions.

Note, this vulnerability is being actively exploited in the wild against a limited number of targets.