PT-2020-4706 · Cisco · Cisco Ftd+1

Published: 2020-10-21 · Updated: 2023-08-16 · CVE-2020-3555

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: The issue is an improper release of resources in the SIP protocol implementation of Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance (ASA) firewall software. A remote attacker could cause a denial of service by sending crafted SIP traffic. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads associated with a SIP connection that is being deleted. An attacker could exploit this by sending crafted SIP traffic at a high rate, potentially causing the affected device to crash and reload.

Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a fixed release as recommended by Cisco. For Cisco Firepower Threat Defense (FTD) Software, update to a fixed release as recommended by Cisco. As a temporary workaround, consider restricting access to the SIP inspection process to minimize the risk of exploitation.

Fix

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2020-05258
CVE-2020-3555

Affected Products

Cisco Asa
Cisco Ftd