← Back

CVE-2021-40125

nvd nist
Published: Oct 27, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device.

Affected (17)

Cisco
10 products
Adaptive Security Appliance Software
Firepower Threat Defense
Asa 5512 X Firmware
Asa 5505 Firmware
Asa 5515 X Firmware
Asa 5525 X Firmware
Asa 5545 X Firmware
Asa 5555 X Firmware
Asa 5580 Firmware
Asa 5585 X Firmware
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Adaptive Security Appliance Software
From 9.14.0 to 9.14.3.9
Adaptive Security Appliance Software
From 9.15.0 to 9.15.1.17
Adaptive Security Appliance Software
From 9.16.0 to 9.16.2
Adaptive Security Appliance Software
From 9.8.0 to 9.8.4.40
Adaptive Security Appliance Software
From 9.9.0 to 9.12.4.30
Cisco
Firepower Threat Defense
Before 6.4.0.13
Firepower Threat Defense
From 6.6.0 to 6.6.5
Firepower Threat Defense
From 6.7.0 to 6.7.0.3
Firepower Threat Defense
From 7.0.0 to 7.0.1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5512 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5512 X
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5505 Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5505
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5515 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5515 X
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5525 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5525 X
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5545 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5545 X
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5555 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5555 X
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5580 Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5580
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asa 5585 X Firmware
Version 009.016(001.025)
Running on/withPlatform Versions
Cisco
Asa 5585 X
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.