⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-15454: Improper Input Validation in Cisco Adaptive Security Appliance Software

Severity: 8.6 HIGH (NVD)
EPSS: 4.1% (top 11.35%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Nov 1; latest update May 13

Description

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger th

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages: 3 packages

🔴 Vulnerability Details (3)

GHSA (2022-05-13): GHSA-w2r5-4x4c-j964: A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Thr
CVEList (2018-11-01): Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability
VulnCheck (2018): Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Improper Input Validation

📋 Vendor Advisories (1)

Cisco (2018-10-31): Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability