SecuriTricks - CVE-2024-20426

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Product(s) Impacted

Vendor	Product	Versions
Cisco	Adaptive Security Appliance Software Firepower Threat Defense Software	9.18.1, 9.18.1.3, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.5, 9.18.4.8, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.19.1, 9.19.1.5, 9.19.1.9, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21 7.2.0, 7.2.0.1, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.4.1, 7.2.5, 7.2.5.1, 7.2.5.2, 7.2.6, 7.2.7, 7.2.8, 7.2.8.1, 7.3.0, 7.3.1, 7.3.1.1, 7.3.1.2, 7.4.0, 7.4.1, 7.4.1.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	cisco	adaptive_security_appliance_software	9.18.1	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.1.3	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.2	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.2.5	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.2.7	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.2.8	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3.39	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3.46	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3.53	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3.55	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.3.56	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4.5	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4.8	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4.22	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4.24	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.18.4.29	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.5	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.9	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.12	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.18	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.22	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.24	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.27	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.28	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.19.1.31	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.20.1	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.20.1.5	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.20.2	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.20.2.10	/	/	/	/	/	/	/
o	cisco	adaptive_security_appliance_software	9.20.2.21	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.0	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.0.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.2	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.3	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.4	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.4.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.5	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.5.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.5.2	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.6	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.7	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.8	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.2.8.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.3.0	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.3.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.3.1.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.3.1.2	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.4.0	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.4.1	/	/	/	/	/	/	/
a	cisco	firepower_threat_defense_software	7.4.1.1	/	/	/	/	/	/	/

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF

CVSS Score

8.6 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Date

Published: Oct. 23, 2024, 6:15 p.m.
Last Modified: Nov. 5, 2024, 7:43 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ykramarz@cisco.com

CVE-2024-20426