Cisco Adaptive Security Appliance
cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*, +4 more
A denial-of-service (DoS) vulnerability has been identified in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software. This vulnerability allows an unauthenticated, remote attacker to cause a DoS condition on an affected device by sending crafted IKEv2 traffic. The issue arises from insufficient input validation when processing IKEv2 messages, which can cause the device to reload.
Exploitation of this vulnerability causes the affected device to reload, creating a DoS condition.
Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For Cisco ASA, FMC, and FTD Software, the Cisco Software Checker tool can be used to determine exposure to this vulnerability and identify the first fixed version. Instructions for upgrading Cisco FTD devices are available in the Cisco FMC upgrade guide. For Cisco IOS and IOS XE Software, the Cisco Software Checker can also be used to assess vulnerability exposure and find the first fixed version.