Cisco has discovered a zero-day vulnerability (CVE-2018-15454) that affects products running ASA (Adaptive Security Appliance) and FTD (Firepower Threat Defense) software. The vulnerability resides in the SIP (Session Initiation Protocol) inspection engine of ASA and FTD software. It could allow a remote attacker to cause an affected device to trigger or reload high CPU, which will result in a DoS (Denial of Service) condition. Since SIP is enabled by default in every ASA and FTD software package, it’s believed that a great deal of Cisco devices are vulnerable. Any product running ASA 9.4 and later or FTD 6.0 and later are affected. No patches have been made available as of the time this article was written.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in