A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HCisco Adaptive Security Appliance Software
OSCisco9.9 – 9.9.2.509.10 – 9.10.1.179.8 – 9.8.4Cisco Asa 5506h X
HWCiscowszystkie wersjeCisco Asa 5506w X
HWCiscowszystkie wersjeCisco Asa 5506 X
HWCiscowszystkie wersjeCisco Asa 5508 X
HWCiscowszystkie wersjeCisco Asa 5516 X
HWCiscowszystkie wersjeCisco Asa 5525 X
HWCiscowszystkie wersjeCisco Asa 5545 X
HWCiscowszystkie wersjeCisco Asa 5555 X
HWCiscowszystkie wersjeCisco Firepower Threat Defense
APPCisco6.3.0 – 6.3.0.36.2.2 – 6.2.3.12
Related vulnerabilities
RCE jako root w Cisco ASA i FTD poprzez podatny serwer VPN web
RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP
RCE w podsystemie SSH Cisco ASA — wykonanie poleceń jako root
Cisco FTD: statyczne konta z zakodowanymi hasłami umożliwiają nieautoryzowany dostęp
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software cou...