Cisco ASA and Firepower appliances under attack

Miscreants remotely crash network security devices.

Cisco is warning that a vulnerability in the software on its enterprise Adaptive Security Appliances (ASAs) and Firepower firewalls is being exploited in the wild, for denial of service attacks that can crash the devices.

The vulnerability stems from incorrect handling of Session Initiation Protocol (SIP) traffic by the inspection engine in Cisco's ASA Software Release 9.4 and FTD Software Release 6.0 and later versions.

SIP is used to set up voice over internet protocol phone calls.

Remote attackers can crash ASA and Firepower devices by sending large numbers of SIP requests. Large volumes of SIP traffic can also cause ASA and Firepower appliances to reload, or trigger high processor usage.

If issuing the command show conn port 5060 on an ASA or Firepower appliance reveals a high number of incomplete SIP connections, the device in question is likely under active attack.

Furthermore, the show processes cpu-usage non-zero sorted command will show high processor utilisation.

No patches are available yet from Cisco to address the vulnerability.

Customers with ASA and Firepower devices can mitigate the vulnerability by switching off SIP inspection, blocking the attacking hosts, or filtering out offending traffic that carries the invalid Sent-by Address 0.0.0.0, Cisco advised.
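As an added illustration of the filtering criterion Cisco mentions (this is example code written for this page, not code from the article or from Cisco), the check below parses the topmost Via header of a SIP request and flags messages whose sent-by address is 0.0.0.0; the two sample requests are constructed, not captured traffic.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample SIP requests: one well-formed, and one carrying the
# invalid Via sent-by address 0.0.0.0 that the article says should be filtered.
VALID_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "\r\n"
)
SUSPECT_INVITE = VALID_INVITE.replace("192.0.2.10:5060", "0.0.0.0:5060")

# Matches "Via:" (or its compact form "v:"), the protocol token, then the
# sent-by field up to the first parameter separator.
_VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+([^\s;,]+)", re.IGNORECASE)


def via_sent_by_host(message: str) -> Optional[str]:
    """Return the host part of the sent-by field in the topmost Via header, or None."""
    headers = message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip the request line
    for line in headers:
        m = _VIA_RE.match(line)
        if m:
            sent_by = m.group(1)
            if sent_by.startswith("["):          # bracketed IPv6 literal, e.g. [2001:db8::1]:5060
                return sent_by[1:sent_by.index("]")]
            return sent_by.rsplit(":", 1)[0] if ":" in sent_by else sent_by  # drop optional port
    return None


def has_invalid_sent_by(message: str) -> bool:
    """True when the topmost Via advertises the unroutable sent-by address 0.0.0.0."""
    return via_sent_by_host(message) == "0.0.0.0"


def filter_messages(messages: List[str]) -> Tuple[List[str], List[str]]:
    """Split a batch of SIP messages into (accepted, dropped) using the 0.0.0.0 check."""
    accepted, dropped = [], []
    for msg in messages:
        (dropped if has_invalid_sent_by(msg) else accepted).append(msg)
    return accepted, dropped
```

The same check can be expressed as a rule on an upstream session border controller or IDS, so that offending requests never reach the appliance's inspection engine.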

The company said the following products running ASA and FTD software are vulnerable if SIP inspection is enabled:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)