CVE-2018-15454 — Vulnetix

CVE-2018-15454 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

EPSS 4.27% · 89.0th percentile

Risk Scores

CVSS 2.0

7.800000190734863

EPSS Score

4.27%

89.0th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Adaptive Security Appliance (ASA) Software	9.4
cisco	firepower_threat_defense	6.2.2, 6.2.0, 6.1.0
cisco	adaptive_security_appliance_software	9.6, 9.8, 9.9

Exploit Intelligence

105768 (circl)
1042129 (circl)
20181031 Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability (circl)

Timeline

Oct 31, 2018 CVE Published
Apr 14, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Feb 28, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 11, 2023 EPSS Score
May 13, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

105768 vdb
1042129 vdb
20181031 Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2018-15454 advisory

Open in Interactive Console →