CVE-2024-20426

{"id": "CVE-2024-20426", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2024-10-23T18:15:10.147", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el protocolo de intercambio de claves de Internet versi\u00f3n 2 (IKEv2) para la terminaci\u00f3n de VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico IKEv2 manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de DoS."}], "lastModified": "2024-11-05T19:43:16.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E310BF-F1F6-4124-A875-81967B9B531E"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF59DAA-268C-4FCF-A0AA-7967128AEBC5"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "140ED95D-173C-4ADB-A2E6-97F0D595D1AB"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9B00E1-3E50-4356-B6D9-F84BCD552402"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "552319A9-01F7-47BA-83B3-B2DD648AA07E"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4914603C-4B1B-48F1-826C-DB803BD21F87"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AE21762-3085-4AFC-B1DE-A4562CDAC509"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "852C3478-7529-4002-8540-ABA4D556DEFC"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23B8A815-5D58-4952-936E-D47B83637BEB"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C98D085-E321-4BAE-AF03-ABDEDC4D24BE"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C05599C9-C0DB-47C1-B145-C410076C1049"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC91A59-0BFA-4DE8-B414-7558D27FBC54"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA618249-E76F-4104-9326-C9F2DC8DE3D7"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C925E1F-6BD9-4CD1-8AC4-4263A9094786"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5EE76D9-6D18-4823-B6B0-E1394A4D140C"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F635946-586D-4DE2-927B-300CE569C596"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459C11B9-ABA1-472A-8CDA-9C7B4E48E943"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA060112-E2D8-4EC5-8400-D8D189A119B5"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3888BB0-B529-486C-8563-392BD1C5DFD5"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43FE3FA7-8281-4BD9-A08B-8C79D369480E"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25468E3-03F9-4C2A-B82A-F87F4FCD57E8"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EC6F412-4A30-4E9A-B8DF-C4BF80E5C4B8"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA47E8EA-29F2-40F3-826E-E7295FFAD8C1"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4D303F8-E6AA-4F1C-9988-055EECD0A902"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DCBBA66-6D00-4D8B-86FE-81EF431A7806"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8288F62-8BEC-4318-8096-9D36817D1D80"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A617690D-92D7-4793-AEAC-15F31162D5F2"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9608894-B4A7-49A1-863A-D44E53D6CE69"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDB77ED-AB5E-475F-A5F8-515B807E99A5"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BEE0323-AC5A-4570-9681-14CD9FB8FD46"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6773BC9-C84C-4249-B6C3-FD39BAAA0555"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4DFC6F7-2BA1-4F32-AD55-8BF0888FDB92"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291705AE-7BAE-4305-BECA-204821BF467A"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC683581-4B46-46A8-BBD8-CB01283641DF"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2A816A-63D6-498B-B167-BE71F0019DB1"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "294D71C7-FFC3-4431-88AA-E03EFAE78CCE"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8287D0-B817-4143-BE34-B3C7FEC7BDEF"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9621C619-C4F8-4906-8A24-E560C08F6921"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB7F9C8B-35E4-459C-B31E-FCF2DAD0120E"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF82E95-C8D3-402B-BC97-29EA1771D5EA"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0350CCE9-512A-4A77-8FAB-7A8F9B061170"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC55E28-36AC-4D40-BB6D-A1B53503F5E4"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F0A624-DDE8-490C-9DA4-762CD39764B2"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901C034C-DDA4-49E1-B8B4-62F3B5C00173"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D094896F-425A-4E69-8941-41147222C42D"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30825677-8EF7-46A0-BB47-887707E007C3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}