Lucene search

CiscoCISCO-SA-20191002-ASA-FTD-IKEV1-DOS

HistoryOct 02, 2019 - 4:00 p.m.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability

2019-10-0216:00:00

tools.cisco.com

166

0.002 Low

EPSS

Percentile

52.8%

JSON

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker’s source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos”]
This advisory is part of the October 2019 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 18 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: October 2019 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-72541”].

Affected configurations

Vulners

Node

ciscoadaptive_security_virtual_applianceMatch9.7

ciscoadaptive_security_virtual_applianceMatch9.8

ciscoadaptive_security_virtual_applianceMatch9.9

ciscoadaptive_security_virtual_applianceMatch9.10

ciscoadaptive_security_virtual_applianceMatch9.12

ciscofirepower_threat_defense_softwareMatch6.2

ciscofirepower_threat_defense_softwareMatch6.3

ciscoadaptive_security_virtual_applianceMatch9.7.1

ciscoadaptive_security_virtual_applianceMatch9.7.1.1

ciscoadaptive_security_virtual_applianceMatch9.7.1.2

ciscoadaptive_security_virtual_applianceMatch9.7.1.4

ciscoadaptive_security_virtual_applianceMatch9.7.1.8

ciscoadaptive_security_virtual_applianceMatch9.7.1.15

ciscoadaptive_security_virtual_applianceMatch9.7.1.16

ciscoadaptive_security_virtual_applianceMatch9.7.1.19

ciscoadaptive_security_virtual_applianceMatch9.7.1.20

ciscoadaptive_security_virtual_applianceMatch9.7.1.21

ciscoadaptive_security_virtual_applianceMatch9.7.1.23

ciscoadaptive_security_virtual_applianceMatch9.7.1.24

ciscoadaptive_security_virtual_applianceMatch9.7.1.28

ciscoadaptive_security_virtual_applianceMatch9.8.1

ciscoadaptive_security_virtual_applianceMatch9.8.1.5

ciscoadaptive_security_virtual_applianceMatch9.8.1.7

ciscoadaptive_security_virtual_applianceMatch9.8.2

ciscoadaptive_security_virtual_applianceMatch9.8.2.8

ciscoadaptive_security_virtual_applianceMatch9.8.2.10

ciscoadaptive_security_virtual_applianceMatch9.8.2.11

ciscoadaptive_security_virtual_applianceMatch9.8.2.14

ciscoadaptive_security_virtual_applianceMatch9.8.2.15

ciscoadaptive_security_virtual_applianceMatch9.8.2.17

ciscoadaptive_security_virtual_applianceMatch9.8.2.18

ciscoadaptive_security_virtual_applianceMatch9.8.2.19

ciscoadaptive_security_virtual_applianceMatch9.8.2.20

ciscoadaptive_security_virtual_applianceMatch9.8.2.3

ciscoadaptive_security_virtual_applianceMatch9.8.2.24

ciscoadaptive_security_virtual_applianceMatch9.8.2.26

ciscoadaptive_security_virtual_applianceMatch9.8.2.28

ciscoadaptive_security_virtual_applianceMatch9.8.2.33

ciscoadaptive_security_virtual_applianceMatch9.8.2.35

ciscoadaptive_security_virtual_applianceMatch9.8.2.38

ciscoadaptive_security_virtual_applianceMatch9.8.3.8

ciscoadaptive_security_virtual_applianceMatch9.8.3.11

ciscoadaptive_security_virtual_applianceMatch9.8.3.14

ciscoadaptive_security_virtual_applianceMatch9.8.3.16

ciscoadaptive_security_virtual_applianceMatch9.8.3.17

ciscoadaptive_security_virtual_applianceMatch9.8.3.18

ciscoadaptive_security_virtual_applianceMatch9.8.3.21

ciscoadaptive_security_virtual_applianceMatch9.8.3.22

ciscoadaptive_security_virtual_applianceMatch9.8.3

ciscoadaptive_security_virtual_applianceMatchany

ciscoadaptive_security_virtual_applianceMatch9.9.1

ciscoadaptive_security_virtual_applianceMatch9.9.1.2

ciscoadaptive_security_virtual_applianceMatch9.9.1.3

ciscoadaptive_security_virtual_applianceMatch9.9.2

ciscoadaptive_security_virtual_applianceMatch9.9.2.1

ciscoadaptive_security_virtual_applianceMatch9.9.1.4

ciscoadaptive_security_virtual_applianceMatch9.9.2.9

ciscoadaptive_security_virtual_applianceMatch9.9.2.14

ciscoadaptive_security_virtual_applianceMatch9.9.2.18

ciscoadaptive_security_virtual_applianceMatch9.9.2.25

ciscoadaptive_security_virtual_applianceMatch9.9.2.27

ciscoadaptive_security_virtual_applianceMatch9.9.2.32

ciscoadaptive_security_virtual_applianceMatch9.9.2.36

ciscoadaptive_security_virtual_applianceMatch9.9.2.40

ciscoadaptive_security_virtual_applianceMatch9.10.1

ciscoadaptive_security_virtual_applianceMatch9.10.1.2

ciscoadaptive_security_virtual_applianceMatch9.10.1.7

ciscoadaptive_security_virtual_applianceMatch9.10.1.9

ciscoadaptive_security_virtual_applianceMatch9.10.1.10

ciscoadaptive_security_virtual_applianceMatch9.10.1.3

ciscoadaptive_security_virtual_applianceMatch9.10.1.11

ciscoadaptive_security_virtual_applianceMatch9.12.1

ciscoadaptive_security_virtual_applianceMatch9.12.1.2

ciscoadaptive_security_virtual_applianceMatch9.12.1.3

ciscofirepower_threat_defense_softwareMatch6.2.0

ciscofirepower_threat_defense_softwareMatch6.2.1

ciscofirepower_threat_defense_softwareMatch6.2.2

ciscofirepower_threat_defense_softwareMatch6.2.0.1

ciscofirepower_threat_defense_softwareMatch6.2.0.2

ciscofirepower_threat_defense_softwareMatch6.2.0.3

ciscofirepower_threat_defense_softwareMatch6.2.0.4

ciscofirepower_threat_defense_softwareMatch6.2.2.1

ciscofirepower_threat_defense_softwareMatch6.2.2.2

ciscofirepower_threat_defense_softwareMatch6.2.3

ciscofirepower_threat_defense_softwareMatch6.2.3.1

ciscofirepower_threat_defense_softwareMatch6.2.3.2

ciscofirepower_threat_defense_softwareMatch6.2.3.3

ciscofirepower_threat_defense_softwareMatch6.2.3.4

ciscofirepower_threat_defense_softwareMatch6.2.3.5

ciscofirepower_threat_defense_softwareMatch6.2.2.3

ciscofirepower_threat_defense_softwareMatch6.2.2.4

ciscofirepower_threat_defense_softwareMatch6.2.0.5

ciscofirepower_threat_defense_softwareMatch6.2.0.6

ciscofirepower_threat_defense_softwareMatch6.2.3.6

ciscofirepower_threat_defense_softwareMatch6.2.0.7

ciscofirepower_threat_defense_softwareMatch6.2.2.5

ciscofirepower_threat_defense_softwareMatch6.2.3.7

ciscofirepower_threat_defense_softwareMatch6.2.3.8

ciscofirepower_threat_defense_softwareMatch6.2.3.10

ciscofirepower_threat_defense_softwareMatch6.2.3.9

ciscofirepower_threat_defense_softwareMatch6.3.0

ciscofirepower_threat_defense_softwareMatch6.3.0.1

CPENameOperatorVersion
cisco adaptive security appliance (asa) softwareeq9.7
cisco adaptive security appliance (asa) softwareeq9.8
cisco adaptive security appliance (asa) softwareeq9.9
cisco adaptive security appliance (asa) softwareeq9.10
cisco adaptive security appliance (asa) softwareeq9.12
cisco firepower threat defense softwareeq6.2
cisco firepower threat defense softwareeq6.3
cisco adaptive security appliance (asa) softwareeq9.7.1
cisco adaptive security appliance (asa) softwareeq9.7.1.1
cisco adaptive security appliance (asa) softwareeq9.7.1.2

Name	Operator	Version
cisco adaptive security appliance (asa) software	eq	9.7
cisco adaptive security appliance (asa) software	eq	9.8
cisco adaptive security appliance (asa) software	eq	9.9
cisco adaptive security appliance (asa) software	eq	9.10
cisco adaptive security appliance (asa) software	eq	9.12
cisco firepower threat defense software	eq	6.2
cisco firepower threat defense software	eq	6.3
cisco adaptive security appliance (asa) software	eq	9.7.1
cisco adaptive security appliance (asa) software	eq	9.7.1.1
cisco adaptive security appliance (asa) software	eq	9.7.1.2