A vulnerability in handling of Session Initiation Protocol (SIP) traffic by Cisco devices has been disclosed. CVE-2018-15454 has been assigned to track this vulnerability. Cisco has released advisory cisco-sa-20181031-asaftd-sip-dos to address this issue, it ha rated this issue as a high priority. The vulnerability affects a range of Cisco products if SIP inspection is enabled. … Continue reading “Cisco ASA and Cisco FTD Software Denial of Service Vulnerability: CVE-2018-15454”
Tag: ASA
Cisco ASA AnyConnect/WebVPN Double free Vulnerability : CVE-2018-0101
A double free vulnerability has been discovered in Cisco ASA devices in the SSL-VPN feature . The vulnerability has been assigned CVE-2018-0101. An attacker can exploit this vulnerability by sending custom crafted XML packets to the webvpn interface. Upon successful exploitation an attacker can achieve remote arbitrary code excution, reload the device or shutdown the … Continue reading “Cisco ASA AnyConnect/WebVPN Double free Vulnerability : CVE-2018-0101”