Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability
CVE-2019-1708

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Adaptive Security Appliance (asa) Software; Cisco Firepower Threat Defense (ftd) Software
Vendor: CVE Published:; 3 May 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software < 9.8.4

Cisco Adaptive Security Appliance (ASA) Software < 9.9.2.50

Cisco Adaptive Security Appliance (ASA) Software < 9.10.1.17

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108166

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 3, 2019
Vulnerability Reserved
Dec 6, 2018