PT-2017-17181 · Cisco · Cisco ASA

Published 2017-04-19 · Updated 2023-08-15 · CVE-2017-6610

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Cisco ASA Software versions prior to 9.1(7.7)
Cisco ASA Software versions prior to 9.2(4.11)
Cisco ASA Software versions prior to 9.4(4)
Cisco ASA Software versions prior to 9.5(3)
Cisco ASA Software versions prior to 9.6(1.5)

Description

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code could allow an authenticated, remote attacker to cause a reload of an affected system. The issue is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this by sending crafted parameters. Note that only traffic directed to the affected system can be used to exploit this vulnerability, and a valid IKEv1 Phase 1 needs to be established, which requires knowledge of a pre-shared key or a valid certificate for phase 1 authentication.

Recommendations

For versions prior to 9.1(7.7), update to version 9.1(7.7) or later.
For versions prior to 9.2(4.11), update to version 9.2(4.11) or later.
For versions prior to 9.4(4), update to version 9.4(4) or later.
For versions prior to 9.5(3), update to version 9.5(3) or later.
For versions prior to 9.6(1.5), update to version 9.6(1.5) or later.
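To triage an inventory against the fixed releases listed in the Recommendations, the following is an added example (not part of the original advisory or any Cisco tooling). It assumes each listed fix applies to its own release train, that version strings appear either as `9.1(7.7)` or as `9.1(7)7`, and the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed release per train, copied from the Recommendations above:
# (major, minor) -> (maintenance, interim). Mapping per train is an assumption.
FIXED = {
    (9, 1): (7, 7),
    (9, 2): (4, 11),
    (9, 4): (4, 0),
    (9, 5): (3, 0),
    (9, 6): (1, 5),
}

# Accepts the advisory notation "9.1(7.7)" and the notation "9.1(7)7"
# (the second form is an assumption about how the inventory records versions).
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?$")


def parse_asa_version(text):
    """Return ((major, minor), (maintenance, interim)) as integers."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, dotted, trailing = m.groups()
    if dotted and trailing:
        raise ValueError(f"ambiguous interim number in {text!r}")
    return (int(major), int(minor)), (int(maint), int(dotted or trailing or 0))


def assess(version_text):
    """Classify one version as 'affected', 'fixed' or 'not-listed'."""
    train, build = parse_asa_version(version_text)
    fixed = FIXED.get(train)
    if fixed is None:
        return "not-listed"  # train not named on this page; check the vendor advisory
    # Integer tuples compare numerically, so 4.5 sorts before 4.11.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {"fw-edge-1": "9.1(7)4", "fw-edge-2": "9.2(4.11)", "fw-dc-1": "9.4(3)12"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```
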

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-6610

Affected Products

Cisco ASA