CVE-2018-0472

CVE-2018-0472 is a vulnerability in the Cisco IPsec driver code as described in ICSA-19-094-04, affecting Rockwell Automation Stratix 5950 security appliances. The issue is caused by improper processing/validation of malformed IPsec AH/ESP packets, allowing an unauthenticated remote attacker to c...

CVE-2018-0472 Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...

CVE-2018-15397 Cisco Adaptive Security Appliance IPsec VPN Denial of Service Vulnerability

A vulnerability in the implementation of Traffic Flow Confidentiality TFC over IPsec functionality in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly,...

CVE-2018-15397 Cisco Adaptive Security Appliance IPsec VPN Denial of Service Vulnerability

A vulnerability in the implementation of Traffic Flow Confidentiality TFC over IPsec functionality in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly,...

CVE-2018-0472 Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...

CVE-2018-15397

The CVE is for Cisco ASA/FTD: a vulnerability in Traffic Flow Confidentiality (TFC) over IPsec could allow an unauthenticated, remote attacker to restart the device, causing a DoS. Root cause: an error during IPsec tunnel key renegotiation when TFC traffic is in flight may crash a daemon, leading...

Cisco IOS XE Software IPsec DoS Vulnerability (cisco-sa-20180926-ipsec)

According to its self-reported version, the IOS XE is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...

Cisco Adaptive Security Appliance IPsec VPN Denial of Service Vulnerability

A vulnerability in the implementation of Traffic Flow Confidentiality TFC over IPsec functionality in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly,...

CVE-2018-9511

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-9511

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-9511

CVE-2018-9511 affects Android 9.0 and relates to ipSecSetEncapSocketOwner in XfrmController.cpp. The issue is a potential failure to initialize a security feature due to uninitialized data, which could enable local denial of service (DoS) on IPsec sockets without additional privileges or user int...

USN-3774-1: strongSwan vulnerability

It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...

Cisco ASA and FWSM Security Advisories

Overview On October 9, 2013, Cisco released two security advisorieshttp://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...

UDP based applications may get affected when traffic processing is disabled on the SDWAN

On the video conference tool based of IPSEC UDP, Master node isn't able to see the remote nodes sitting behind the SDWAN-WanOP. This tool uses dynamic IPSEC tunnels over the WAN and passes through our WanOP...

Bleichenbacher and Dictionary Attacks on IPsec IKE

Two new attacks on IPsec IKE Internet Key Exchange were recently disclosed 1, involving multiple ways to perform attacks against IKE signature based and PSK Pre-Shared Key authentications. The end goal is to crack IPsec VPN encrypted communications. The relevant CVEs are: CVE-2018-5389: Practical...

Design/Logic Flaw

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent...

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

CVE-2017-17311

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent...

Design/Logic Flaw

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...