Cisco says a flaw in its Adaptive Security Appliance allows remote attacks
Networking giant Cisco issued an advisory Wednesday that a vulnerability is allowing attackers to run denial-of-service attacks against its Adaptive Security Appliance.
The company says it has witnessed the attack being executed in the wild and it does not currently have a patch to fix the issue. The vulnerability affects the appliance’s Session Initiation Protocol inspection engine, along with Cisco’s Firepower Threat Defense FTD software.
The flaw could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, which would then cause the denial of service.
According to the company’s advisory, there are no software updates or workarounds, but Cisco will be issuing a software patch at a later date.
Until a patch is issued, Cisco says customers can disable SIP inspection (it’s turned on by default), or filter traffic that’s using IP address 0.0.0.0 in the “Sent-by-Address” field. Additionally, if security teams have pinpointed IP addresses where malicious traffic is originating from, that can also be blocked to mitigate the attack.
This vulnerability affects Cisco ASA Software Release 9.4 and later, along with Cisco FTD Software Release 6.0 and later if SIP inspection is enabled. Cisco says the following products are affected:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4100 Series Security Appliance
- Firepower 9300 ASA Security Module
- FTD Virtual (FTDv)
You can find more details in the company’s advisory.
