Cisco IOS, IOS XE, Secure Firewall ASA, and Secure FTD Software IKEv2 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software. This vulnerability allows an unauthenticated, remote attacker to cause the device to reload, leading to a DoS condition. The issue arises from improper processing of IKEv2 packets, which can be exploited by sending crafted packets to the affected device. Successful exploitation could create an infinite loop that exhausts resources, causing the device to reload.

Impact

Exploitation of this vulnerability leads to a device reload, causing a denial-of-service condition.

Remediation

Cisco has released software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For information on which Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software releases are vulnerable, consult the 'Fixed Software' section of the advisory.

Added: Aug 14, 2025, 5:55 PM
Updated: Aug 14, 2025, 5:55 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 7.8
remediation: 8.3
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.