Cisco firewalls under attack – and there's no patch: Too many SIPs and they drown in data Cisco says miscreants are actively exploiting a SIP vulnerability in its networking gear that it disclosed on Wednesday. The bug, CVE-2018-15454, lies within code in some Adaptive Security Appliances, and its Firepower Threat Defense software, that handles Session Initiation Protocol (SIP) packets. SIP is the signalling …
A security device itself vulnerable to attack. I would have though a company with an annual revenue of US$49.3 billion would have picked this up in the development and testing phase. Cisco does actually have a department charged with such a vital task?
Usually adding more complexity to a problem makes it less secure. That's why most common "security in a box" solutions had their own vulnerabilities. One prominent example was Microsoft who executed Visual Basic in a virtual machine running at "system" privilidges in order to find out if said program was malevolent. It's also common for AV systems to choke while processing obscure archive formats.
Considering how limited the SIP inspection on Cisco ASA firewalls is (there is a list of unsupported SIP features), that most SIP implementations over the Internet should now use SIP over TLS (when the ASA doesn't support TLS/SSL decryption) and that although SIP inspection is enabled by default, the likelihood of someone having it enabled, with ACL's that allow access to SIP and not having hit issues that cause it to be disabled is pretty small i.e. approaching zero in the real world.
All the money in the world doesn't fix something that is so broken that Cisco TAC advises that it be turned off...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
