CVE-2021-40125

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device.

Severity	MEDIUM
CVSS	5.3
CWE	CWE-416
KEV
Published	4 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco Secure Firewall Threat Defense Virtual	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Firepower Threat Defense Software	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Firepower 9000 Series	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Firepower 4100 Series	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Firepower 2100 Series	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Firepower 1000 Series	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Adaptive Security Virtual Appliance (ASAv)	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco ASA 5500-X Series Firewalls	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln
Cisco 3000 Series Industrial Security Appliances (ISA)	cisco-sa-asaftd-ikev2-dos-g4cmrr7C	Cisco OpenVuln