Cisco Security Appliances vulnerable to SIP exploits
As mentioned in an earlier post, I’m fascinated by computer programming; to a lesser extent, information technology and related security issues. Today I’d like to share an interesting vulnerability reported in Cisco Security Appliances... just be careful with this information. I’m not responsible for what you do with it.
SIP stands for session initiation protocol. Cisco uses SIP to, as it suggests, initiate secure sessions when users log into it, such as providing secure authentication. The inspection engine is what implements this service on Cisco devices. It’s a firewall for a firewall, basically!
This attack can be done by sending a specially crafted SIP packet to the target. Not going into details for obvious reasons; do your own research. But What this exploit does is allows an attacker to remotely log in as an authenticated user, which then will allow the user to use or consume CPU resources, or reload the device entirely... Which, of course, is a simple method of a Denial Of Service attack.
Cisco’s Adaptive Security Appliance, as well as the Firepower Threat Defense software, are what’re potentially vulnerable to this attack. At the time of writing, there are no known workarounds or patches.
Stay safe, be responsible, and let me know if this information has helped you out in some way! I could definitely do more IT Security vulnerability reporting.