CVE-2024-20426

HIGH

Cisco Adaptive Security Appliance Software - Denial of Service via IKEv2 Protocol

Title source: llm
STIX 2.1

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

References (1)

Core 1

Scores

CVSS v3 8.6
EPSS 0.0057
EPSS Percentile 68.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (50)
cisco/adaptive_security_appliance_software 9.18.1
cisco/adaptive_security_appliance_software 9.18.1.3
cisco/adaptive_security_appliance_software 9.18.2
cisco/adaptive_security_appliance_software 9.18.2.5
cisco/adaptive_security_appliance_software 9.18.2.7
cisco/adaptive_security_appliance_software 9.18.2.8
cisco/adaptive_security_appliance_software 9.18.3
cisco/adaptive_security_appliance_software 9.18.3.39
cisco/adaptive_security_appliance_software 9.18.3.46
cisco/adaptive_security_appliance_software 9.18.3.53
... and 40 more
Published Oct 23, 2024
Tracked Since Feb 18, 2026