I just read some articles recommended by a friend. They reminded me that Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are affected by a denial-of-service vulnerability, recorded as CVE-2018-15454. A design weakness resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.
The interim workaround is shown below:
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect sip
hostname(config-pmap-c)# exit
hostname(config)# policy-map sip_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect sip
hostname(config-pmap-c)# exit
hostname(config)# service-policy sip_policy interface [interface]
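To confirm where SIP inspection is still attached after applying the configuration above, a saved running-config can be audited offline. The script below is an added example, not part of the original post or of Cisco's advisory; the function name, the sample configuration and the interface name "outside" are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of ASA "show running-config" output
# after the change above ("outside" is an assumed interface name).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
policy-map sip_policy
 class inspection_default
  inspect sip
!
service-policy global_policy global
service-policy sip_policy interface outside
"""


def sip_inspection_scope(config_text):
    """Return the sorted scopes ('global' or 'interface <name>') where a
    policy-map containing 'inspect sip' is attached by service-policy."""
    sip_maps = set()      # policy-maps that contain 'inspect sip'
    attachments = []      # (policy-map name, scope) from service-policy lines
    current_map = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"policy-map (\S+)$", line)
        if m:
            current_map = m.group(1)
            continue
        if line and not line.startswith(" "):
            current_map = None  # any other top-level line ends the block
        if current_map and re.match(r"\s+inspect sip(\s|$)", line):
            sip_maps.add(current_map)
        m = re.match(r"service-policy (\S+) (global|interface \S+)", line)
        if m:
            attachments.append((m.group(1), m.group(2)))
    return sorted(scope for name, scope in attachments if name in sip_maps)


if __name__ == "__main__":
    for scope in sip_inspection_scope(SAMPLE_CONFIG):
        print("SIP inspection still active:", scope)
```

An empty result means no attached policy-map inspects SIP; any scope that is listed still passes SIP traffic through the inspection engine.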
Official technical details are shown below:
In addition, another vulnerability affects Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software simultaneously.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos