CVE-2018-15454
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.
Una vulnerabilidad en el motor de inspección SIP (Session Initiation Protocol) de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podría permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue o el alto uso de recursos de la CPU, lo que resulta en una denegación de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto del tráfico SIP. Un atacante podría explotar esta vulnerabilidad enviando peticiones SIP destinadas a desencadenar específicamente este problema en gran proporción en un dispositivo afectado. Aún no existen actualizaciones de software que aborden esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-17 CVE Reserved
- 2018-11-01 CVE Published
- 2024-08-15 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105768 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042129 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 9.4 < 9.4.4.27 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.4 < 9.4.4.27" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 9.6 < 9.6.4.18 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.6 < 9.6.4.18" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 9.8 < 9.8.3.16 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.8 < 9.8.3.16" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 9.9 < 9.9.2.32 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.9 < 9.9.2.32" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 9.10 < 9.10.1.2 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.10 < 9.10.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.1.0 < 6.1.0.7 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.1.0 < 6.1.0.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.0 < 6.2.0.6 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.0 < 6.2.0.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.2 < 6.2.2.4 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.2 < 6.2.2.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.3 < 6.2.3.7 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.3 < 6.2.3.7" | - |
Affected
| ||||||