cisco-sa-20190501-asa-ftd-ike-dos: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability
First published: Wed May 01 2019(Updated: )
A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASA Software | =9.10<9.10.1.17>=9.8<=9.9<9.9.2.50 | 9.10.1.17 9.9.2.50 |
| Cisco FTD Software | =6.2.3<6.2.3.12=6.2.2<6.2.3.12 | 6.2.3.12 6.2.3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20190501-asa-ftd-ike-dos?
The vulnerability cisco-sa-20190501-asa-ftd-ike-dos has a high severity rating due to its ability to impact the availability of affected Cisco products.
How do I fix cisco-sa-20190501-asa-ftd-ike-dos?
To remediate cisco-sa-20190501-asa-ftd-ike-dos, users should upgrade to the latest patched versions of Cisco ASA Software or FTD Software as specified in the advisory.
What products are affected by cisco-sa-20190501-asa-ftd-ike-dos?
The affected products include Cisco ASA Software versions up to 9.10.1.17 and Cisco FTD Software versions up to 6.2.3.12.
Can cisco-sa-20190501-asa-ftd-ike-dos be exploited remotely?
Yes, cisco-sa-20190501-asa-ftd-ike-dos can be exploited by an unauthenticated remote attacker, leading to a potential denial of service.
What does cisco-sa-20190501-asa-ftd-ike-dos security advisory entail?
The cisco-sa-20190501-asa-ftd-ike-dos security advisory details a memory leak vulnerability in the IKEv2 MOBIKE feature affecting certain Cisco security devices.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco asa software
- version/cisco asa software/9.10
- version/cisco asa software/9.8
- version/cisco asa software/9.9
- canonical/cisco ftd software
- version/cisco ftd software/6.2.3
- version/cisco ftd software/6.2.2