vulnerability
Cisco FTD: CVE-2021-40125: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:N/I:N/A:C) | Oct 27, 2021 | Jan 29, 2025 | Mar 31, 2026 |
Description
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device.
Solution
References
- CVE-2021-40125
- https://attackerkb.com/topics/CVE-2021-40125
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-g4cmrr7C
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-27312
- CISCO-cisco-sa-asaftd-ikev2-dos-g4cmrr7C
- CWE-416
- CWE-400
- EUVD-EUVD-2021-27312
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.