Cisco has been hit by a zero-day vulnerability; this new threat is affecting products that run the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.
The worst news is that the zero-day has already been seen in the wild, and so far no patches are available.
The vulnerability, CVE-2018-15454, is present in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.
Cybersecurity experts say CVE-2018-15454 allows an unauthenticated, remote hacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.
SIP inspection is enabled by default in all ASA and FTD software packages, which makes things worse for everybody because a large number of Cisco devices are believed to be vulnerable. Products that run ASA 9.4 and later, or FTD 6.0 and later, are most certainly affected by this flaw.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
List of the affected products:
• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4100 Series Security Appliance
• Firepower 9300 ASA Security Module
• FTD Virtual (FTDv)
Until Cisco delivers an ASA and/or FTD software update, owners can use the following mitigations to prevent a remote attacker from crashing their equipment.
The first is to disable SIP inspection. The second is to block traffic from suspicious IPs using the ASA and FTD traffic filtering systems. It is also good to know that the malicious traffic observed in the attacks so far has used the 0.0.0.0 IP address in the “Sent-by Address” field.
Step-by-step information on how to configure these mitigations is available in Cisco’s advisory.
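The 0.0.0.0 “Sent-by Address” mentioned above is carried in the SIP Via header, so it can be checked in SIP messages captured upstream of the firewall. The following is an added example, not taken from Cisco’s advisory; the function names and the sample messages are constructed for illustration.

```python
import re

# One Via value: "SIP/2.0/<transport> host[:port];params" (RFC 3261).
VIA_VALUE = re.compile(
    r"SIP\s*/\s*2\.0\s*/\s*\w+\s+(\[[0-9A-Fa-f:.]+\]|[^\s;,:]+)(?::\d+)?")

def via_sent_by(message):
    """Return the sent-by host of every Via value in a raw SIP message."""
    text = message.replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]              # headers only, drop the body
    hosts = []
    for line in head.split("\n")[1:]:            # skip the request/status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; "v" is the compact form of Via.
        if sep and name.strip().lower() in ("via", "v"):
            hosts += [m.group(1) for m in VIA_VALUE.finditer(value)]
    return hosts

def has_null_sent_by(message):
    """True when any Via sent-by is 0.0.0.0, the value seen in the attacks."""
    return "0.0.0.0" in via_sent_by(message)

def build(via_lines, body=""):
    """Assemble a constructed SIP OPTIONS message for the demo below."""
    lines = ["OPTIONS sip:gw.example.net SIP/2.0", *via_lines,
             "From: <sip:probe@example.com>;tag=1", "To: <sip:gw.example.net>",
             "Call-ID: demo-1", "CSeq: 1 OPTIONS",
             "Content-Length: %d" % len(body)]
    return "\r\n".join(lines) + "\r\n\r\n" + body

# Constructed samples (not captured traffic).
SAMPLES = {
    "normal": build(["Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-a1"]),
    "null_sent_by": build(["Via: SIP/2.0/UDP 0.0.0.0:5060;branch=z9hG4bK-b2"]),
    "compact_multi": build(["v: SIP/2.0/TCP 198.51.100.7;branch=z9hG4bK-c3,"
                            " SIP / 2.0 / UDP 0.0.0.0;branch=z9hG4bK-c4"]),
    "body_only": build(["Via: SIP/2.0/UDP 10.0.0.0:5060;branch=z9hG4bK-d5"],
                       body="Via: SIP/2.0/UDP 0.0.0.0:5060\r\n"),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, via_sent_by(msg), has_null_sent_by(msg))
```

A match is only an indicator for triage and filtering; the mitigations themselves are configured on the ASA or FTD device as described in Cisco’s advisory.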
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet, so always stay safe and secure.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.