Cisco ASA Software Vulnerability Allows Remote Denial of Service
CVE-2024-20426

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Adaptive Security Appliance (asa) Software; Cisco Firepower Threat Defense Software
Vendor: CVE Published:; 23 October 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol used for VPN termination in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software poses a risk of denial of service (DoS) attacks. This issue arises from insufficient input validation, allowing unauthenticated remote attackers to send specially crafted IKEv2 traffic to the affected devices. Exploiting this vulnerability may lead to device reloads, resulting in service interruptions. Organizations using these Cisco products must take immediate action to mitigate potential risks and safeguard their network operations. More details can be found in the advisory linked below.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software 9.18.1

Cisco Adaptive Security Appliance (ASA) Software 9.18.1.3

Cisco Adaptive Security Appliance (ASA) Software 9.18.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Oct 24, 2024
Vulnerability published
Oct 23, 2024