Cisco IOS/IOS XE IKEv2 Processing Flaw Lets Remote Users Cause the Target System to Reload
Severity Rating: High
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and have the Internet Security Association and Key Management Protocol (ISAKMP) enabled.
A vulnerability has been identified in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software. The vulnerability is due to how an affected device processes certain IKEv2 packets. An unauthenticated, remote attacker could exploit it by sending specific IKEv2 packets to an affected device to be processed. Successful exploitation could cause high CPU utilization, traceback messages, or a reload of the affected device, leading to a denial of service (DoS) condition.
Users are advised to apply updates.
More information is available on:
Cisco Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street