CVE-2025-20182

{"id": "CVE-2025-20182", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2025-05-07T18:15:38.120", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento del protocolo de Intercambio de Claves de Internet versi\u00f3n 2 (IKEv2) del software Cisco Adaptive Security Appliance (ASA), Cisco Firepower Threat Defense (FTD), Cisco IOS y Cisco IOS XE podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente al procesar mensajes IKEv2. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico IKEv2 manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar la recarga del dispositivo, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS) en el dispositivo afectado."}], "lastModified": "2025-05-08T14:39:09.683", "sourceIdentifier": "psirt@cisco.com"}