PT-2025-20264 · Cisco · Cisco IOS XE

Published: 2025-05-07 · Updated: 2025-05-10 · CVE-2025-20192

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this issue. This is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this by sending crafted IKEv1 messages to the affected device, potentially causing the device to reload.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

BDU:2025-10325
CVE-2025-20192

Affected Products

Cisco IOS XE