Cisco Secure Firewall ASA and FTD Software IKEv2 Denial-of-Service Vulnerability

Vulnerability

A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device, which may also disrupt services to other devices on the network. The vulnerability is due to improper handling of IKEv2 packets: an attacker can drive the device into memory exhaustion, and the resulting resource depletion requires the device to be manually reloaded.

Impact

Successful exploitation exhausts memory on the affected device and causes it to reload. Because the affected device is in the traffic path, the DoS condition may also affect the availability of services on other devices in the network.

Remediation

Cisco has released software updates that address this vulnerability. For Cisco Secure FTD devices, follow the upgrade instructions in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and Compatibility Guide. Use the Cisco Software Checker to determine whether a given release is affected and to identify the first fixed release. Fixed releases are tracked per release train, so compare the running version only against the first fixed release reported for that train, and confirm the exposure conditions (such as whether IKEv2 is enabled) against the vendor advisory before deciding a device is unaffected.
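The triage below is an added example, not Cisco's tooling or anything published with this advisory. It compares an ASA/FTD running version against the first fixed release for the same train, as reported by the Cisco Software Checker, and scans a saved running-config for interfaces on which IKEv2 is enabled. The version strings and the config excerpt are constructed sample values, not the real fixed release for this advisory, and the exposure condition (that only devices with IKEv2 enabled on an interface are exposed) is an assumption to be verified against the vendor advisory.

```python
"""Triage helper for the Cisco ASA/FTD IKEv2 DoS advisory (added example).

Assumptions, not stated on this page:
  * first_fixed is the first fixed release for the *same* release train as
    the running version, taken from the Cisco Software Checker;
  * the device is exposed only if IKEv2 is enabled on at least one
    interface ("crypto ikev2 enable <nameif>"), as is usual for Cisco
    IKEv2 advisories; confirm against the vendor advisory.
"""
import re

# Matches "crypto ikev2 enable outside" and the client-services variant
# ("crypto ikev2 enable outside client-services port 443").
IKEV2_ENABLE = re.compile(r"^\s*crypto ikev2 enable (\S+)", re.MULTILINE)

# Constructed sample running-config excerpt, not captured from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 19
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable inside
"""


def parse_version(version):
    """Split an ASA/FTD release string into a tuple of integers.

    Handles both dotted ('9.18.4.22') and interim-build ('9.16(4)67')
    notations by extracting every run of digits in order.
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    return parts


def needs_upgrade(running, first_fixed):
    """True when running is older than first_fixed within one release train.

    Raises ValueError if the two strings are from different trains, because
    the Software Checker reports a separate first fixed release per train.
    """
    r, f = parse_version(running), parse_version(first_fixed)
    if r[:2] != f[:2]:
        raise ValueError(
            f"{first_fixed} is not in the same release train as {running}"
        )
    # Pad with zeros so that 9.18.4 compares equal to 9.18.4.0.
    width = max(len(r), len(f))
    r += (0,) * (width - len(r))
    f += (0,) * (width - len(f))
    return r < f


def ikev2_interfaces(running_config):
    """Return the nameifs on which IKEv2 is enabled in a running-config."""
    return IKEV2_ENABLE.findall(running_config)


def assess(running, first_fixed, running_config):
    """Combine the version check and the config scan into one verdict."""
    affected_version = needs_upgrade(running, first_fixed)
    interfaces = ikev2_interfaces(running_config)
    return {
        "running": running,
        "first_fixed": first_fixed,
        "version_affected": affected_version,
        "ikev2_interfaces": interfaces,
        # Exposed only if the code is affected AND IKEv2 is reachable
        # on some interface (assumption, see module docstring).
        "exposed": affected_version and bool(interfaces),
    }


if __name__ == "__main__":
    # "9.18.4" and "9.18.4.22" are placeholder values for illustration.
    print(assess("9.18.4", "9.18.4.22", SAMPLE_CONFIG))
```

Feed it the output of `show version` (for the running release) and `show running-config` from the device, together with the first fixed release the Software Checker reports for that train; a device whose version is affected but that has no `crypto ikev2 enable` line is reported as not exposed under the stated assumption, which is exactly the case to double-check against the advisory rather than take on faith.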

Added: Mar 4, 2026, 6:55 PM
Updated: Mar 4, 2026, 6:55 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.8
remediation: 8.3
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.