A Vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software Could Allow for Denial of Service

MS-ISAC ADVISORY NUMBER:

2018-121

DATE(S) ISSUED:

11/02/2018

OVERVIEW:

A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software that could allow for denial-of-service conditions. Successful exploitation of this vulnerability could allow the attacker to reload or cause high CPU usage on the affected device, resulting in Denial of Service (DoS) conditions.

THREAT INTELLIGENCE:

There are reports of this vulnerability being actively exploited in the wild.

SYSTEMS AFFECTED:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software, which could allow for an unauthenticated, remote attacker to trigger a Denial of Service (DoS) on the affected device.

The Cisco ASA family provides network security services such as firewall, intrusion prevention system (IPS), endpoint security (anti-x), and VPN. Cisco Firepower Threat Defense is a unified software image used on Cisco ASA and Firewall devices. The vulnerability is due to improper handling of Session Initiation Protocol (SIP) requests: an attacker could exploit it by sending a high rate of SIP requests to a vulnerable device. Successful exploitation could allow the attacker to reload the affected device or cause high CPU usage on it, resulting in Denial of Service (DoS) conditions.
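Because the trigger described above is a high rate of SIP requests, a defender's first question is usually whether such traffic is reaching the appliance. The following is an added example, not code from the MS-ISAC advisory or from Cisco: a small sliding-window rate detector run over constructed log lines. The log format (`<ISO timestamp> src=<ip> sip_method=<METHOD>`), the window of 10 seconds and the threshold of 50 requests are all assumptions chosen for illustration, not Cisco's syslog format or any vendor-published threshold.

```python
"""Rate-based detector for SIP request floods over constructed log lines.

Added example, not part of the MS-ISAC advisory or Cisco's software.
The log format is an assumed one: "<ISO timestamp> src=<ip> sip_method=<METHOD>".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed, constructed line format; a real deployment would parse the
# appliance's own syslog format instead.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) sip_method=(?P<method>[A-Z]+)$")


def parse_line(line):
    """Return (timestamp, source_ip, sip_method) or None for non-matching lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["method"]


def find_sip_floods(lines, window_seconds=10, threshold=50):
    """Return {source_ip: peak_count} for every source whose SIP request count
    inside any sliding window of window_seconds reaches threshold.

    Lines must be in time order per source (the usual case for a log stream).
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-source timestamps inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # unrelated or malformed line: ignore it
        ts, src, _method = parsed
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one source sends 120 INVITEs in six seconds,
    another sends a normal trickle of REGISTERs, plus one unrelated line."""
    base = datetime(2018, 11, 2, 9, 0, 0)
    lines = []
    for i in range(120):
        ts = base + timedelta(milliseconds=50 * i)
        lines.append(f"{ts.isoformat()} src=203.0.113.10 sip_method=INVITE")
    for i in range(6):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} src=198.51.100.7 sip_method=REGISTER")
    lines.append("unrelated log line that is not a SIP event")
    return lines


if __name__ == "__main__":
    for src, peak in find_sip_floods(build_sample_log()).items():
        print(f"possible SIP flood from {src}: {peak} requests within window")
```

The detector only keeps the timestamps that still fall inside the window, so memory stays bounded per source even on a long stream. The thresholds are deliberately configurable: a realistic value depends on the legitimate SIP call volume the appliance normally inspects, and a detection like this complements, rather than replaces, the Cisco updates and workarounds referenced in this advisory.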

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install updates provided by Cisco when available, after appropriate testing.
  • Until patches are released, consider following the workarounds provided by Cisco at the reference below.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.

REFERENCES: