A critical vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
The Cisco ASA is configured to terminate IKEv1 or IKEv2 VPN connections only if a crypto map is configured for at least one interface. To check this, administrators should use the show running-config crypto map | include interface command and verify that it returns output. The following example shows a crypto map called outside_map configured on the outside interface:
ciscoasa# show running-config crypto map | include interface
crypto map outside_map interface outside
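The same check applied offline to saved command output from several devices, as an added example that is not part of the original advisory. The device names and sample outputs are constructed, and the only syntax relied on is the crypto map ... interface line shown above.

```python
import re

# Binding line as shown in the advisory:
#   crypto map <map-name> interface <interface-name>
# Crypto map entries without "interface" right after the map name
# (sequence-numbered entries) are definitions, not bindings.
BINDING = re.compile(r"^\s*crypto map (\S+) interface (\S+)\s*$")


def crypto_map_bindings(output):
    """Return sorted (interface, map_name) pairs found in saved CLI output."""
    found = set()
    for line in output.splitlines():
        match = BINDING.match(line)  # prompt/echo lines do not match
        if match:
            found.add((match.group(2), match.group(1)))
    return sorted(found)


def audit(outputs):
    """Map each device name to its bindings; an empty list means none found."""
    return {device: crypto_map_bindings(text) for device, text in outputs.items()}


def devices_to_prioritise(outputs):
    """Devices with at least one crypto map bound to an interface."""
    return sorted(d for d, b in audit(outputs).items() if b)


# Constructed sample data (hypothetical device names, not from the advisory).
SAMPLE_OUTPUTS = {
    "asa-edge-1": (
        "ciscoasa# show running-config crypto map | include interface\n"
        "crypto map outside_map interface outside\n"
    ),
    "asa-lab-2": (
        "crypto map lab_map 1 match address lab_acl\n"
        "crypto map lab_map 1 set peer 192.0.2.10\n"
    ),
    "asa-core-3": "",
}

if __name__ == "__main__":
    for device, bindings in sorted(audit(SAMPLE_OUTPUTS).items()):
        if bindings:
            pairs = ", ".join(f"{m} on {i}" for i, m in bindings)
            print(f"{device}: crypto map bound ({pairs}), check software version")
        else:
            print(f"{device}: no crypto map bound to an interface")
```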
Cisco ASA Software running on the following products may be affected by this vulnerability:
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
If you require any further information or assistance, please feel free to contact Ashco Systems.