CVE-2018-15454
HIGH EXPLOITED IN THE WILDCisco Adaptive Security Appliance and Firepower Threat Defense - Denial of Service via SIP Traffic
Title source: llmExploitation Summary
CVE-2018-15454 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105768
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042129
Mitigation, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
Scores
CVSS v3
8.6
EPSS
0.0438
EPSS Percentile
90.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2018-10-31
InTheWild.io
2018-10-31
CWE
CWE-20
Status
published
Products (2)
cisco/adaptive_security_appliance_software
9.4 - 9.4.4.27
cisco/firepower_threat_defense
6.1.0 - 6.1.0.7
Published
Nov 01, 2018
Tracked Since
Feb 18, 2026