7.8 - cisco-sa-20170927-ike

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.

The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZy815ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkqSA//XDX6CJfZxPEuKzCE 8U1r6FinZW9fpdi+xNlQiBGwnxen8aQvNbVyVPsRYLC1xgMt6RtW2bA3HEoaxGV1 gueQzd9Xi60Dd/YnZCwZlD1RCQNWbHxrbqlC1R6tKK/pi9DkVdovz3wem7ETyu0A GJGcrBh8Ambiv/eFLwj7n7QazWOFffLqzhK7hsAfFpzTxwbDTgVkIWsYIMmrkDpU A52Ho2yx/jcyCNqzeZspkA1oY+4BouomrtMcVvP1C8CVV9wlh7UIceRU5TJ+nrIR uBIyLrFR29VzlfJO6jtySwZBb1KwXJMWWn230zubashjAJ/8s1gFSkooQ4m0nTa5 l+f5xB54/Ni6g51krck/XGT2peBBOTfo7jkp0QhVnaOf05FTehVEug0WFMyciJVZ FVQN78Py4tgUYsEg+RnEqobm5gPbvpnm9ab2HvDvSfRqbGqacf6Ht43a64lMjbqm pLUacHx9vfokdjnlwW5BVZ/7BBdfVwWPX26rRjeRaEMppNjqLjpyETTiqIi9v044 uQEHXvRC7koroSsuaWDNLRJcuN0Ut1aP9sOULGD7Cm9xLoc1iDuJ1/x5fNRR95r8 hh/nt9Rh6Dq07gweHT0/gBYUAV9NftNk2f/pJo+eGKWLrqjE0JT2kW3TzZ1yRAZ7 vzkDYQjZLtrZvDqoSq3JV045Nfo= =HInu END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com