{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/cisco-secure-firewall-adaptive-security-appliance-asa-software/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Cisco IOS Software","Cisco IOS XE Software","Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","Cisco Secure Firewall Threat Defense (FTD) Software"],"_cs_severities":["high"],"_cs_tags":["cve-2026-20012","denial-of-service","cisco","ikev2"],"_cs_type":"advisory","_cs_vendors":["Cisco"],"content_html":"\u003cp\u003eCVE-2026-20012 affects the Internet Key Exchange version 2 (IKEv2) implementation in Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software. Published in March 2026, the vulnerability stems from the improper parsing of IKEv2 packets. An unauthenticated, remote attacker can exploit this flaw by sending crafted IKEv2 packets to a vulnerable device. Successful exploitation leads to a memory leak, resulting in a denial-of-service (DoS) condition. For IOS and IOS XE Software, this manifests as a device reload, while ASA and FTD Software experience partial exhaustion of system memory, leading to instability and the inability to establish new IKEv2 VPN sessions. Recovery requires a manual reboot. This vulnerability poses a significant threat to network availability and security.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Cisco device running IKEv2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious IKEv2 packets designed to exploit the parsing vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted IKEv2 packets to the target device over UDP port 500 or 4500, the standard ports for IKEv2.\u003c/li\u003e\n\u003cli\u003eThe vulnerable device improperly parses the malicious IKEv2 packets.\u003c/li\u003e\n\u003cli\u003eThe improper parsing triggers a memory leak within the IKEv2 process.\u003c/li\u003e\n\u003cli\u003eThe memory leak gradually consumes available system memory.\u003c/li\u003e\n\u003cli\u003eOn Cisco IOS and IOS XE Software, the device reaches a critical memory threshold, causing a system reload and a DoS condition.\u003c/li\u003e\n\u003cli\u003eOn Cisco ASA and FTD Software, the memory exhaustion leads to system instability, preventing the establishment of new IKEv2 VPN sessions and requiring a manual reboot to recover.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploit of CVE-2026-20012 can lead to significant disruption of network services. Cisco IOS and IOS XE devices may experience complete outages due to device reloads, affecting all services reliant on those devices. Cisco ASA and FTD devices will suffer degraded performance and an inability to establish new VPN connections, impacting remote access and secure communication. The necessity of a manual reboot for recovery prolongs the downtime and requires administrative intervention. The vulnerability has a CVSS v3.1 base score of 8.6, highlighting its severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Cisco IOS Software and IOS XE Software to patched versions to prevent device reloads (Refer to Cisco advisory for specific versions and patch information).\u003c/li\u003e\n\u003cli\u003eUpgrade Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software to patched versions to prevent system instability and memory exhaustion (Refer to Cisco advisory for specific versions and patch information).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious IKEv2 packets originating from untrusted sources, focusing on unusual packet structures or sizes (Enable network connection logging and deploy the \u0026quot;Detect Suspicious IKEv2 Traffic\u0026quot; Sigma rule).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for IKEv2 traffic to mitigate the impact of potential exploits (Consult your Cisco device documentation for rate limiting configuration).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-cisco-ikev2-dos/","summary":"CVE-2026-20012 is a vulnerability in the IKEv2 feature of multiple Cisco products that allows an unauthenticated remote attacker to cause a denial of service by sending crafted IKEv2 packets leading to memory exhaustion.","title":"Cisco IKEv2 Memory Leak Vulnerability (CVE-2026-20012)","url":"https://feed.craftedsignal.io/briefs/2024-01-cisco-ikev2-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"https://jsonfeed.org/version/1.1"}