Cisco Reports SIP Inspection Vulnerability

Cisco has issued a new security advisory covering a vulnerability in Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense software that could ultimately lead to a denial-of-service (DoS) condition for specific devices.

Cisco is aware of active exploitation of the vulnerability in the wild, according to the advisory (CVE-2018-1545), which also states that no remediation is available. The only corrective action Cisco offers is to shut down Session Initiation Protocol (SIP) inspection — an action that closes the vulnerability but also "would break SIP connections if either NAT is applied to SIP traffic or if not all ports required for SIP communication are opened via ACL," according to the advisory.

The affected devices are 3000 Series Industrial Security Appliance (ISA); ASA 5500-X Series Next-Generation Firewalls; ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Adaptive Security Virtual Appliance (ASAv); Firepower 2100 Series Security Appliance; Firepower 4100 Series Security Appliance; Firepower 9300 ASA Security Module; and FTD Virtual (FTDv).

Read more here and here. 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.