A Vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software Could Allow for Denial of Service

ITS Advisory Number: 2018-110
Date(s) Issued: Friday, November 2, 2018
Subject: A Vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software Could Allow for Denial of Service
Overview: 

A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software that could allow for denial-of-service conditions. Successful exploitation of this vulnerability could allow an attacker to reload the affected device or cause high CPU usage on it, resulting in Denial of Service (DoS) conditions.

THREAT INTELLIGENCE:

There are reports of this vulnerability being actively exploited in the wild.

Systems Affected: 
  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: Medium
BUSINESS
Large and medium business entities: High
Small business entities: Medium
Home Users: Low
Description: 

A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software which could allow an unauthenticated, remote attacker to trigger a Denial of Service (DoS) condition on the affected device.

The vulnerability is due to improper handling of Session Initiation Protocol (SIP) requests: an attacker could exploit it by sending a high rate of SIP requests to a vulnerable device. The Cisco ASA family provides network security services such as firewall, intrusion prevention system (IPS), endpoint security (anti-x), and VPN. Cisco Firepower Threat Defense is a unified software image used on Cisco ASA and Firewall devices. Successful exploitation of this vulnerability could allow the attacker to reload the affected device or cause high CPU usage on it, resulting in Denial of Service (DoS) conditions.

Actions: 
  • Verify that no unauthorized system modifications have occurred on the system before applying patches.
  • After appropriate testing, immediately apply the patches provided by Cisco.
  • Until patches are released, consider following the workarounds provided by Cisco at the reference below.