Cisco zero-day exploited in the wild to crash and reload devices


Image source: Cisco // Edited: ZDNet

The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

The vulnerability has been exploited in the wild, according to a security advisory the company published a few hours ago. No patches are available at the time of writing.

Cisco says it discovered the vulnerability, and the active attacks, while its staff was answering a support case.

The vulnerability, which Cisco is tracking as CVE-2018-15454, resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.

Read more….