Cisco has discovered a zero-day vulnerability (CVE-2018-15454) that affects products running ASA (Adaptive Security Appliance) and FTD (Firepower Threat Defense) software. The vulnerability resides in the SIP (Session Initiation Protocol) inspection engine of ASA and FTD software. It could allow a remote attacker to cause an affected device to trigger or reload high CPU, which will result in a DoS (Denial of Service) condition. Since SIP is enabled by default in every ASA and FTD software package, it’s believed that a great deal of Cisco devices are vulnerable. Any product running ASA 9.4 and later or FTD 6.0 and later are affected. No patches have been made available as of the time this article was written.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is