
REWTERZ THREAT ADVISORY – CVE-2018-15454 – Cisco zero-day exploited to crash devices and cause Denial of Service

November 2, 2018

This advisory covers a recent zero-day vulnerability in Cisco software that is being exploited in the wild to crash devices.
IMPACT: NORMAL

PUBLISH DATE: 02-11-2018

OVERVIEW

A zero-day vulnerability has been found in the Session Initiation Protocol (SIP) inspection engine of Cisco's ASA and FTD software. The vendor has released an advisory stating that the vulnerability is being exploited in the wild. No software updates are available yet; however, Cisco has published mitigation guidelines.

ANALYSIS

A zero-day vulnerability has been found in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. An unauthenticated, remote attacker who exploits the vulnerability can cause an affected device to reload, or can drive the CPU to a high load, resulting in a Denial of Service (DoS) condition.

Researchers determined that the vulnerability is caused by improper handling of SIP traffic. It can be triggered by sending specially crafted SIP requests across an affected device at a high rate. The vendor has released an advisory stating that the vulnerability has been exploited in the wild to crash and reload devices.

Because SIP inspection is enabled by default in all ASA and FTD software packages, a large number of Cisco devices are believed to be vulnerable.

No software updates are available that address this issue.

AFFECTED PRODUCTS

Cisco confirmed that the following products are affected if they run ASA 9.4 and later, or FTD 6.0 and later:

• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4100 Series Security Appliance
• Firepower 9300 ASA Security Module
• FTD Virtual (FTDv)

MITIGATION

Cisco recommends that device owners take the following precautions to reduce the risk of their equipment being crashed by this attack.

• Disable SIP inspection on the affected device.

• Once the attacker's source IP address has been tracked and identified, block traffic from that address using the ASA and FTD traffic filtering features.

• Cisco reports that the malicious traffic seen in these attacks so far has used the IP address 0.0.0.0 in the SIP "Sent-by Address" field. Organizations can use this marker to filter the attacker's incoming traffic.
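The third mitigation relies on a traffic marker rather than a signature: the sent-by address is carried in the SIP Via header (RFC 3261), and a legitimate endpoint does not advertise 0.0.0.0 there. The following Python script is an added example, not Cisco's or Rewterz's code, showing how a SOC could apply that marker to a feed of SIP requests (for example, messages reconstructed from packet captures or a SIP proxy log) and raise an alert only when one source sends them at a high rate, which is the pattern the analysis section describes. The event format `(timestamp, source IP, message)`, the sample INVITEs and the threshold values are constructed assumptions for the example; IPv6 sent-by values in brackets are not parsed.

```python
import re
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# First Via header ("Via:" or compact form "v:"); captures the sent-by host.
# Assumption: IPv4 or hostname sent-by values. Bracketed IPv6 is not handled here.
VIA_RE = re.compile(
    r"^(?:Via|v):\s*SIP/2\.0/(?P<transport>[A-Za-z]+)\s+(?P<host>[^;:\s]+)",
    re.IGNORECASE | re.MULTILINE,
)


def via_sent_by(message: str) -> Optional[str]:
    """Return the host part of the first Via header's sent-by field, or None if absent."""
    m = VIA_RE.search(message)
    return m.group("host") if m else None


def is_sip_request(message: str) -> bool:
    """True when the start line has the request shape: METHOD Request-URI SIP/2.0."""
    first = message.split("\r\n", 1)[0]
    parts = first.split(" ")
    return len(parts) == 3 and parts[2] == "SIP/2.0"


def is_suspicious(message: str) -> bool:
    """Flag requests whose Via sent-by is 0.0.0.0, the marker the advisory reports."""
    return is_sip_request(message) and via_sent_by(message) == "0.0.0.0"


def rate_alerts(events: Iterable[Tuple[float, str, str]],
                window: float = 1.0, threshold: int = 5) -> List[str]:
    """Return source IPs that sent >= threshold suspicious requests inside one time window.

    A single stray 0.0.0.0 message is not alerted on; the advisory describes a
    high-rate flood, so the detection keys on volume per source per window.
    """
    buckets: Counter = Counter()
    for ts, src, msg in events:
        if is_suspicious(msg):
            buckets[(src, int(ts // window))] += 1
    return sorted({src for (src, _), n in buckets.items() if n >= threshold})


def make_invite(sent_by: str, call_id: str) -> str:
    """Build a minimal SIP INVITE. Constructed sample, not captured traffic."""
    return (
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {sent_by};branch=z9hG4bK{call_id}\r\n"
        "From: <sip:alice@example.com>;tag=1928301774\r\n"
        "To: <sip:bob@example.com>\r\n"
        f"Call-ID: {call_id}@example.com\r\n"
        "CSeq: 1 INVITE\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def build_sample_events() -> List[Tuple[float, str, str]]:
    """Constructed event stream of (timestamp, source IP, SIP message).

    192.0.2.10 floods INVITEs with sent-by 0.0.0.0 within a fraction of a second,
    198.51.100.7 places normal calls, and 203.0.113.9 sends one stray 0.0.0.0 message.
    """
    events: List[Tuple[float, str, str]] = []
    base = 1541145600.0  # constructed epoch value (2018-11-02)
    for i in range(8):
        events.append((base + i * 0.05, "192.0.2.10", make_invite("0.0.0.0:5060", f"flood{i}")))
    events.append((base + 0.3, "198.51.100.7", make_invite("198.51.100.7:5060", "call1")))
    events.append((base + 2.0, "198.51.100.7", make_invite("198.51.100.7", "call2")))
    events.append((base + 5.0, "203.0.113.9", make_invite("0.0.0.0", "single")))
    return events


if __name__ == "__main__":
    for src in rate_alerts(build_sample_events()):
        print(f"alert: {src} exceeded the 0.0.0.0 sent-by rate threshold")
```

The alert list feeds the second mitigation: each source it returns is a candidate for the ASA/FTD traffic filter, while the per-window threshold keeps a single malformed phone registration from being blocked on sight. Tune `window` and `threshold` to the normal SIP call rate seen at the site.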

If you think you are a victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.
