Cisco Secure Firewall ASA and FTD Software IKEv2 Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This vulnerability allows an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on the affected device, which may also disrupt services to other devices on the network. The issue arises from improper processing of IKEv2 packets, leading to memory exhaustion and causing the device to reload.

Impact

Exploitation of this vulnerability leads to memory exhaustion, causing the device to reload. This DoS condition may also impact the availability of services to other devices on the network.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices can be found in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and Compatibility Guide.