On October 31, Cisco announced that it has discovered a vulnerability affecting devices running its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability takes advantage of the software’s voice over IP Session Initiation Protocol (SIP) inspection engine. Unauthenticated, remote bad actors can send SIP requests designed to cause a device to cycle unusually high CPU rates or to reload, ultimately causing denial of service (DoS) conditions.
A small number of these exploits have been reported in the field, but the risk for more expansive exploitation is inherent. This is considered a “zero day” vulnerability, and a patch in not yet available
Cisco has described several mitigation efforts that can utilized until a software update is distributed:
- Block traffic from specific offending source IP addresses, using an access control list and internal executable commands
- Disable SIP inspection, if suitable (i.e., if additional software dependencies are not affected)
- Block traffic from IP 0.0.0.0 which has been associated with the attack, and is generally a recommended practice
Specific details on detection and these mitigation methods, including step-by-step instructions, are available in the Cisco advisory.
The vulnerability affects Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and later. A specific list of affected products is available here, which includes the popular ASA 5500-X series firewalls.
ACA Aponix Guidance
ACA Aponix recommends taking the following measures regarding the Cisco ASA and FTD vulnerability, and regarding other potential breaches:
- Check the list of affected products to verify impact on software running in your organization
- Follow detection and mitigation instructions detailed in the Cisco alert
- Immediately apply software patches for this issue when available
- Enact and implement a strict security updates and patch policy for all software updates across your organization
- Share this alert with your IT implementation partners
- Share this alert with your affiliates or portfolio companies
How ACA Aponix Can Help
ACA Aponix offers the following solutions that can help your firm protect itself from vulnerabilities, breaches, or related cybersecurity risk:
- Cybersecurity and technology risk assessments
- Penetration testing and vulnerability assessments
- Phishing testing and cyber awareness training
- Vendor diligence and management
For More Information
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.