exploitDog

CVE-2018-15454

Опубликовано: 01 нояб. 2018

Источник: nvd

CVSS3: 8.6

CVSS2: 7.8

EPSS Низкий

Описание

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

Ссылки

http://www.securityfocus.com/bid/105768
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042129
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/105768
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042129
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Версия от 9.4 (включая) до 9.4.4.27 (исключая)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Версия от 9.6 (включая) до 9.6.4.18 (исключая)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Версия от 9.8 (включая) до 9.8.3.16 (исключая)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Версия от 9.9 (включая) до 9.9.2.32 (исключая)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Версия от 9.10 (включая) до 9.10.1.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Версия от 6.1.0 (включая) до 6.1.0.7 (исключая)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Версия от 6.2.0 (включая) до 6.2.0.6 (исключая)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Версия от 6.2.2 (включая) до 6.2.2.4 (исключая)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Версия от 6.2.3 (включая) до 6.2.3.7 (исключая)

EPSS

Процентиль: 89%

0.04645

Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20

CWE-20

Связанные уязвимости

GHSA-w2r5-4x4c-j964

CVSS3: 8.6

github

больше 3 лет назад

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

BDU:2018-01584

CVSS3: 8.6

fstec

больше 7 лет назад

Уязвимость компонента SIP inspection микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 89%

0.04645

Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20

CWE-20