Cisco Reports SIP Inspection Vulnerability
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Cisco has issued a new security advisory covering a vulnerability in Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense software that could ultimately lead to a denial-of-service (DoS) condition for specific devices.
Cisco is aware of active exploitation of the vulnerability in the wild, according to the advisory (CVE-2018-1545), which also states that no remediation is available. The only corrective action Cisco offers is to shut down Session Initiation Protocol (SIP) inspection — an action that closes the vulnerability but also "would break SIP connections if either NAT is applied to SIP traffic or if not all ports required for SIP communication are opened via ACL," according to the advisory.
The affected devices are 3000 Series Industrial Security Appliance (ISA); ASA 5500-X Series Next-Generation Firewalls; ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Adaptive Security Virtual Appliance (ASAv); Firepower 2100 Series Security Appliance; Firepower 4100 Series Security Appliance; Firepower 9300 ASA Security Module; and FTD Virtual (FTDv).
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024