Overview

Recently, Cisco released an official security advisory to announce fixes for multiple high-risk vulnerabilities, which could cause a denial of service and remote code execution.

Details of this vulnerability can be found at the following link:

https://tools.cisco.com/security/center/publicationListing.x

Vulnerability Description

CVE ID CVSS 3.0 Vulnerability Description
CVE-2018-15454 8.6 Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Denial-of-Service Vulnerability
CVE-2018-16986 8.8 Texas Instruments (TI) Bluetooth Low Energy (BLE) Remote Code Execution Vulnerability

CVE-2018-15454

The Session Initiation Protocol (SIP) inspection engine of Cisco ASA Software and Cisco FTD Software is prone to a vulnerability, which allows an unauthenticated remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial-of-service attack.

The vulnerability is due to improper handling of SIP traffic. An attacker could trigger this vulnerability by sending crafted SIP requests to a vulnerable device. By default, SIP inspection is enabled on both Cisco ASA Software and Cisco FTD Software.

Affected Products:

This vulnerability affects Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and later if SIP inspection is enabled and the software is running on any of the following Cisco products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

Solution:

Cisco has not provided any software update for fixing this vulnerability yet; however, there are four mitigation options.

  1. Disable SIP inspection.
  2. Block the offending host(s).
  3. Filter on send-by address of 0.0.0.0.
  4. Rate limit SIP traffic.

For details about these mitigation options, see Workarounds at the following link.

Reference link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos

CVE-2018-16986

On November 1, 2018, Armis announced the presence of a remote code execution vulnerability in the BLE Stack on TI chips CC2640 and CC2650.

When BLE is enabled on an affected device, an attacker in close proximity could exploit the vulnerability by broadcasting malformed BLE frames.

Affected Products:

Product Cisco Bug ID Fixed Release Availability
Cisco 1540 Aironet Series Outdoor Access Points CSCvk44163 8.8.100.0
Cisco 1800i Aironet Access Points CSCvk44163 8.8.100.0
Cisco 1810 Aironet Access Points CSCvk44163 8.8.100.0
Cisco 1815i Aironet Access Points CSCvk44163 8.8.100.0
Cisco 1815m Aironet Access Points CSCvk44163 8.8.100.0
Cisco 1815w Aironet Access Points CSCvk44163 8.8.100.0
Cisco 4800 Aironet Access Points CSCvk44163 8.8.100.0
Meraki MR30H AP N/A MR 25.13 and later
Meraki MR33 AP N/A MR 25.13 and later
Meraki MR42E AP N/A MR 25.13 and later
Meraki MR53E AP N/A MR 25.13 and later
Meraki MR74 N/A MR 25.13 and later

 

Solution:

Cisco has released corresponding software updates for the preceding affected products. Users of affected products are advised to download the updates as soon as possible.

Reference link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

Home

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Leave a Reply

Your email address will not be published. Required fields are marked *