First published: Wed Oct 02 2019
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Adaptive Security Appliance Software | >=9.7 <9.8.4.10 | |
Cisco Adaptive Security Appliance Software | >=9.9 <9.9.2.47 | |
Cisco Adaptive Security Appliance Software | >=9.10 <9.10.1.30 | |
Cisco Adaptive Security Appliance Software | >=9.12 <9.12.2.5 | |
Cisco Firepower Threat Defense | >=6.2.0 <6.2.3.11 | |
Cisco Firepower Threat Defense | >=6.3.0 <6.3.0.2 | |
Cisco ASA 5505 Firmware | =9.9(2.4) | |
Cisco ASA 5505 Firmware | =201.4(1.21) | |
Cisco ASA 5505 | | |
Cisco ASA 5510 Firmware | =9.9(2.4) | |
Cisco ASA 5510 Firmware | =201.4(1.21) | |
Cisco ASA 5510 | | |
Cisco ASA 5512-X Firmware | =9.9(2.4) | |
Cisco ASA 5512-X Firmware | =201.4(1.21) | |
Cisco ASA 5512-X | | |
Cisco ASA 5515-X Firmware | =9.9(2.4) | |
Cisco ASA 5515-X Firmware | =201.4(1.21) | |
Cisco ASA 5515-X | | |
Cisco ASA 5520 Firmware | =9.9(2.4) | |
Cisco ASA 5520 Firmware | =201.4(1.21) | |
Cisco ASA 5520 | | |
Cisco ASA 5525-X Firmware | =9.9(2.4) | |
Cisco ASA 5525-X Firmware | =201.4(1.21) | |
Cisco ASA 5525-X | | |
Cisco ASA 5540 Firmware | =9.9(2.4) | |
Cisco ASA 5540 Firmware | =201.4(1.21) | |
Cisco ASA 5540 | | |
Cisco ASA 5545-X Firmware | =9.9(2.4) | |
Cisco ASA 5545-X Firmware | =201.4(1.21) | |
Cisco ASA 5545-X | | |
Cisco ASA 5550 Firmware | =9.9(2.4) | |
Cisco ASA 5550 Firmware | =201.4(1.21) | |
Cisco ASA 5550 | | |
Cisco ASA 5555-X Firmware | =9.9(2.4) | |
Cisco ASA 5555-X Firmware | =201.4(1.21) | |
Cisco ASA 5555-X | | |
Cisco ASA 5580 Firmware | =9.9(2.4) | |
Cisco ASA 5580 Firmware | =201.4(1.21) | |
Cisco ASA 5580 | | |
CVE-2019-15256 is a vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
The severity of CVE-2019-15256 is high with a CVSS score of 8.6.
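CVE-2019-15256 affects Cisco ASA Software releases from 9.7 up to but not including 9.8.4.10, from 9.9 up to but not including 9.9.2.47, from 9.10 up to but not including 9.10.1.30, and from 9.12 up to but not including 9.12.2.5.
CVE-2019-15256 affects Cisco Firepower Threat Defense releases from 6.2.0 up to but not including 6.2.3.11, and from 6.3.0 up to but not including 6.3.0.2.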
To fix CVE-2019-15256, users should upgrade to a fixed version as mentioned in the Cisco Security Advisory.