CVE-2018-0472

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified) Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) (affected versions not specified)

Description A vulnerability in the IPsec driver code could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.

Recommendations For Cisco IOS XE Software, update to a version that includes the fix for this vulnerability. For Cisco ASA 5500-X Series Adaptive Security Appliance (ASA), update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the IPsec driver code until a patch is available. Note: Cisco has released software updates that address this vulnerability, but there are no workarounds that address this vulnerability.