Monday, March 4, 2024

Hackers Exploit Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition

A critical vulnerability in Session Initiation Protocol (SIP) of Cisco ASA and FTD software that allows an unauthenticated remote attacker to crash and reload the device. The vulnerability occurs due to the improper handling of SIP traffic.

A remote attacker could exploit the Cisco Zero Day vulnerability by sending a crafted SIP request that would trigger high CPU usage or reload the device results in DoS condition.

Cisco says the security update to address the vulnerability is not yet available and at the time there is no workaround for this vulnerability, reads Cisco advisory.

Affected Products – Cisco Zero Day

The vulnerability affects Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and later if SIP inspection is enabled.

3000 Series Industrial Security Appliance (ISA)
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4100 Series Security Appliance
Firepower 9300 ASA Security Module
FTD Virtual (FTDv)

The Indication of the Device in Attack

If any vulnerable device actively exploited by attackers, the administrators can see a large number of incomplete SIP connections over conn port 5060 and the output of show processes CPU-usage non-zero sorted will show a high CPU utilization.

Successful exploitation on the device leads device crashing and reloading, Cisco to free software updates that address the vulnerability described in this advisory.

The vulnerability can be tracked as CVE-2018-15454 and it receives the Base score 8.6.

Related Read

Cisco Releases Security Updates that Covers 16 Vulnerabilities that had Critical and High Impact

Cisco Released Security Updates for Multiple Vulnerabilities that Affected Cisco Products

Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products

Website

Latest articles

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles