CVE-2018-15454

HIGH EXPLOITED IN THE WILD

Cisco Adaptive Security Appliance and Firepower Threat Defense - Denial of Service via SIP Traffic

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-15454 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105768
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1042129

Scores

CVSS v3 8.6
EPSS 0.0438
EPSS Percentile 90.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2018-10-31
InTheWild.io 2018-10-31
CWE
CWE-20
Status published
Products (2)
cisco/adaptive_security_appliance_software 9.4 - 9.4.4.27
cisco/firepower_threat_defense 6.1.0 - 6.1.0.7
Published Nov 01, 2018
Tracked Since Feb 18, 2026