Zero-day vulnerability in Cisco ASA 5500-X Series

Input validation error
CVE-2018-15454

Not patched

The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.

Vulnerability details

Advisory: SB2018110101 - Denial of service when processing SIP packets in Cisco ASA and Cisco Firepower Threat Defense

Vulnerable component: Cisco ASA 5500-X Series

CVE-ID: CVE-2018-15454

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

CWE-ID: CWE-20 - Improper input validation

Description:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of SIP traffic. A remote attacker can send specially crafted SIP packets to the affected device, cause high CPU load that may lead to denial of service conditions.

Note, this vulnerability is being actively exploited in the wild against a limited number of targets.

External links:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-d...

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.