{ "id": "CVE-2024-20426", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-23T18:15:10.147", "lastModified": "2024-11-05T19:43:16.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." }, { "lang": "es", "value": "Una vulnerabilidad en el protocolo de intercambio de claves de Internet versi\u00f3n 2 (IKEv2) para la terminaci\u00f3n de VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico IKEv2 manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de DoS." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 4.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 4.0 } ] }, "weaknesses": [ { "source": "psirt@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-476" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "88E310BF-F1F6-4124-A875-81967B9B531E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.39:*:*:*:*:*:*:*", "matchCriteriaId": "6BF59DAA-268C-4FCF-A0AA-7967128AEBC5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.46:*:*:*:*:*:*:*", "matchCriteriaId": "140ED95D-173C-4ADB-A2E6-97F0D595D1AB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.53:*:*:*:*:*:*:*", "matchCriteriaId": "BC9B00E1-3E50-4356-B6D9-F84BCD552402" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.55:*:*:*:*:*:*:*", "matchCriteriaId": "552319A9-01F7-47BA-83B3-B2DD648AA07E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.56:*:*:*:*:*:*:*", "matchCriteriaId": "4914603C-4B1B-48F1-826C-DB803BD21F87" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AE21762-3085-4AFC-B1DE-A4562CDAC509" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "852C3478-7529-4002-8540-ABA4D556DEFC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "23B8A815-5D58-4952-936E-D47B83637BEB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "2C98D085-E321-4BAE-AF03-ABDEDC4D24BE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "C05599C9-C0DB-47C1-B145-C410076C1049" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "5BC91A59-0BFA-4DE8-B414-7558D27FBC54" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "FA618249-E76F-4104-9326-C9F2DC8DE3D7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7C925E1F-6BD9-4CD1-8AC4-4263A9094786" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "C5EE76D9-6D18-4823-B6B0-E1394A4D140C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "3F635946-586D-4DE2-927B-300CE569C596" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "459C11B9-ABA1-472A-8CDA-9C7B4E48E943" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "FA060112-E2D8-4EC5-8400-D8D189A119B5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.28:*:*:*:*:*:*:*", "matchCriteriaId": "C3888BB0-B529-486C-8563-392BD1C5DFD5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.31:*:*:*:*:*:*:*", "matchCriteriaId": "43FE3FA7-8281-4BD9-A08B-8C79D369480E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "B25468E3-03F9-4C2A-B82A-F87F4FCD57E8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EC6F412-4A30-4E9A-B8DF-C4BF80E5C4B8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA47E8EA-29F2-40F3-826E-E7295FFAD8C1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4D303F8-E6AA-4F1C-9988-055EECD0A902" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "2DCBBA66-6D00-4D8B-86FE-81EF431A7806" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8288F62-8BEC-4318-8096-9D36817D1D80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A617690D-92D7-4793-AEAC-15F31162D5F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9608894-B4A7-49A1-863A-D44E53D6CE69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FDB77ED-AB5E-475F-A5F8-515B807E99A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0BEE0323-AC5A-4570-9681-14CD9FB8FD46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6773BC9-C84C-4249-B6C3-FD39BAAA0555" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4DFC6F7-2BA1-4F32-AD55-8BF0888FDB92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "291705AE-7BAE-4305-BECA-204821BF467A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC683581-4B46-46A8-BBD8-CB01283641DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC2A816A-63D6-498B-B167-BE71F0019DB1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "294D71C7-FFC3-4431-88AA-E03EFAE78CCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA8287D0-B817-4143-BE34-B3C7FEC7BDEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9621C619-C4F8-4906-8A24-E560C08F6921" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB7F9C8B-35E4-459C-B31E-FCF2DAD0120E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AF82E95-C8D3-402B-BC97-29EA1771D5EA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0350CCE9-512A-4A77-8FAB-7A8F9B061170" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3CC55E28-36AC-4D40-BB6D-A1B53503F5E4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "66F0A624-DDE8-490C-9DA4-762CD39764B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "901C034C-DDA4-49E1-B8B4-62F3B5C00173" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D094896F-425A-4E69-8941-41147222C42D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "30825677-8EF7-46A0-BB47-887707E007C3" } ] } ] } ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF", "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ] } ] }