Advertisement

Cisco says a flaw in its Adaptive Security Appliance allows remote attacks

Cisco has witnessed the attack in the wild, and the company does not currently have a patch to fix the issue.
Cisco ASA vulnerability
(Flickr user <a href="https://flic.kr/p/Y7X49r">Ashwin Kumar</a>// CC-BY-2.0)

Networking giant Cisco issued an advisory Wednesday that a vulnerability is allowing attackers to run denial-of-service attacks against its Adaptive Security Appliance.

The company says it has witnessed the attack being executed in the wild and it does not currently have a patch to fix the issue. The vulnerability affects the appliance’s Session Initiation Protocol inspection engine, along with Cisco’s Firepower Threat Defense FTD software.

The flaw could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, which would then cause the denial of service.

According to the company’s advisory, there are no software updates or workarounds, but Cisco will be issuing a software patch at a later date.

Advertisement

Until a patch is issued, Cisco says customers can disable SIP inspection (it’s turned on by default), or filter traffic that’s using IP address 0.0.0.0 in the “Sent-by-Address” field. Additionally, if security teams have pinpointed IP addresses where malicious traffic is originating from, that can also be blocked to mitigate the attack.

This vulnerability affects Cisco ASA Software Release 9.4 and later, along with Cisco FTD Software Release 6.0 and later if SIP inspection is enabled. Cisco says the following products are affected:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

You can find more details in the company’s advisory.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts