Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability

A vulnerability in the AES-GCM code of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted IPSec or IKEv2 packet, and for those modifications not to be detected.

The vulnerability is due to an error on the firmware of the Cavium Networks cryptographic module. Due to this vulnerability, the integrity check value (ICV) is not verified. An attacker could exploit this vulnerability by intercepting encrypted packets in transit and modifying their contents. Such packets would be decrypted by the ASA and then forwarded to their destination, without the modification being detected.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker must be able to intercept encrypted packets in transit, making exploitation more difficult in environments that restrict network access from untrusted sources.

This vulnerability does not allow an attacker to decrypt IPSec or IKEv2 packets in transit, nor obtain information about the session keys being used for the security association. In addition, this vulnerability does not impact SSL/TLS traffic originating from or destined to the ASA.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.