The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

A remote and unauthenticated attacker can exploit the vulnerability to cause an affected device to reload or consume CPU resources, resulting in a denial-of-service (DoS) condition. The bug, related to how SIP traffic is handled, can be triggered by sending specially crafted SIP requests to the targeted device at a high rate.