The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.
The vulnerability has been exploited in the wild, according to a security advisory the company published a few hours ago. No patches are available at the time of writing.
Cisco says it discovered the vulnerability, and the active attacks, while its staff was answering a support case.
The vulnerability, which Cisco is tracking as CVE-2018-15454, resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.