—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-ike

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12237

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.

The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike”]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410”].

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZy815ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkqSA//XDX6CJfZxPEuKzCE
8U1r6FinZW9fpdi+xNlQiBGwnxen8aQvNbVyVPsRYLC1xgMt6RtW2bA3HEoaxGV1
gueQzd9Xi60Dd/YnZCwZlD1RCQNWbHxrbqlC1R6tKK/pi9DkVdovz3wem7ETyu0A
GJGcrBh8Ambiv/eFLwj7n7QazWOFffLqzhK7hsAfFpzTxwbDTgVkIWsYIMmrkDpU
A52Ho2yx/jcyCNqzeZspkA1oY+4BouomrtMcVvP1C8CVV9wlh7UIceRU5TJ+nrIR
uBIyLrFR29VzlfJO6jtySwZBb1KwXJMWWn230zubashjAJ/8s1gFSkooQ4m0nTa5
l+f5xB54/Ni6g51krck/XGT2peBBOTfo7jkp0QhVnaOf05FTehVEug0WFMyciJVZ
FVQN78Py4tgUYsEg+RnEqobm5gPbvpnm9ab2HvDvSfRqbGqacf6Ht43a64lMjbqm
pLUacHx9vfokdjnlwW5BVZ/7BBdfVwWPX26rRjeRaEMppNjqLjpyETTiqIi9v044
uQEHXvRC7koroSsuaWDNLRJcuN0Ut1aP9sOULGD7Cm9xLoc1iDuJ1/x5fNRR95r8
hh/nt9Rh6Dq07gweHT0/gBYUAV9NftNk2f/pJo+eGKWLrqjE0JT2kW3TzZ1yRAZ7
vzkDYQjZLtrZvDqoSq3JV045Nfo=
=HInu
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com