[CIVN-2026-0165] Cisco IKEv2 Denial of Service vulnerability
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Cisco IKEv2 Denial of Service vulnerability
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
IOS Software
IOS XE Software
Secure Firewall ASA Software
Secure FTD Software
Overview
A vulnerability has been reported in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating in Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device.
Successful exploitation of this vulnerability could allow the attacker to reload, resulting in a DoS condition.
Solution
Apply appropriate updates as mentioned in Cisco Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK
CVE Name
CVE-2026-20012
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnOhCAACgkQ3jCgcSdc
ys8DcQ//emDXOQXwsmEpdNG9t8liiKexE8zURy5PG6pQHhc1cS+smIQYA3SqpQFb
m1oBioIMdhVo3ic/1qI97kTyv3Vup4zl17Us/FeNuwFPUDXQaa7Zy5c7BlixkTJB
2R+pSgA3TKUcSWR4zkEsnCa92JUhPgUh31lWUzVRSR5lqendQP1OKjy7WFvFSI3D
+Fy1yX4lsW+fPf0SA4gL5DxEmdPpUf0vXSthdb2zH4el2OpnO9oFHm/KgXRXUROo
dqlWQvfcR2rffS6UTBN6kJK4/2k2zioDo/l39AvPJkZCSxBXeGY/I5XxDTw0pfrJ
jIko2RE86/Bv8LAqy5oW9WYZMO9sbGKmY5UPVz5YvSqRWwRMwds0xSGMc6gMY0XF
XjevOJ9OmnehKmVNyQ3JDBfMsU7H23mRbudSIjGozB/xWz/SLG4kvUVkYNRcsxOx
3yCyP0rvc7Qqk7hNVuv/+Ck/huit0w+j4PX+7Acp00qkeOCWT1N5onOTGbuLMHyk
K1+rfgU2MQeloU5yFia9nSHGldRE2zT6esdhgdPOe+nALzEuab2wDkbuZMxpXRqJ
tHNHlQ2t4DM4JxaFNHB6/F3bf0EUCW3jOzCMplg+HWksthomCA412g4JkiCO/FBj
xBfzIGthpOep3xMVla1UPqHq044HLCySfE8C6N3UwlIS71DlP2Y=
=lGlA
—–END PGP SIGNATURE—–
