[CIVN-2025-0187] IPv6 over IPsec Denial of Service Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Component Affected
Cisco Firepower 2100 Series Firewalls
Overview
A vulnerability has been reported in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device.
Successful exploitation of this vulnerability could allow the attacker to trigger a reload of the device, resulting in a DoS condition.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO
CVE Name
CVE-2025-20222
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003