Cisco Secure Firewall ASA and FTD Software IKEv2 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This vulnerability allows an unauthenticated, remote attacker to cause a DoS condition on an affected device, potentially impacting the availability of services to other devices on the network. The issue arises from a memory leak during the parsing of IKEv2 packets, which an attacker could exploit by sending crafted IKEv2 packets to the device. The resulting memory exhaustion can cause the device to reload, disrupting services.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the affected device to exhaust resources and require a manual reload. This disruption can also impact the availability of services on other devices in the network.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure Firewall ASA and Secure FTD Software are available in the respective upgrade guides. For help determining the best release to upgrade to, consult the Cisco Secure Firewall Compatibility Guides.

Added: Mar 4, 2026, 6:54 PM
Updated: Mar 4, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 7.8
remediation: 8.3
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.