CVE-2026-20012

Cisco · IOS, IOS XE, ASA, and FTD Software

A vulnerability in Cisco's IKEv2 implementation allows unauthenticated remote attackers to cause a memory leak. This leak eventually leads to a Denial of Service (DoS) condition on the affected network device.

Executive summary

Unauthenticated remote attackers can exploit a memory leak in the IKEv2 feature of multiple Cisco security and networking products to trigger a persistent Denial of Service.

Vulnerability

This vulnerability exists in the Internet Key Exchange version 2 (IKEv2) feature. An unauthenticated, remote attacker can send crafted IKEv2 packets to an affected device, triggering a memory leak that eventually exhausts system resources.

Business impact

A successful exploit results in a Denial of Service (DoS), potentially crashing core networking or security infrastructure. This can lead to significant network downtime and loss of connectivity for remote workers and branch offices. The CVSS score of 8.6 indicates a High severity risk to availability.

Remediation

Immediate Action: Apply the software updates provided by Cisco for IOS, IOS XE, ASA, and FTD software to resolve the memory management flaw.

Proactive Monitoring: Monitor device memory utilization and IKEv2 session statistics for unusual growth or exhaustion patterns.

Compensating Controls: If patching is not immediately possible, consider rate-limiting IKEv2 traffic or restricting VPN tunnel establishment to known peer IP addresses where feasible.
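As an added example (not from this advisory or from Cisco), the following Python evaluates polled device samples for the signature the monitoring step above describes: free memory falling steadily while the number of established IKEv2 SAs stays flat, which distinguishes a leak from memory consumed by legitimate tunnel growth. The `Sample` fields, thresholds and sample values are constructed; polling them via SNMP (for instance `ciscoMemoryPoolFree` from CISCO-MEMORY-POOL-MIB) is an assumption, not something the advisory specifies.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    t: int           # poll time in seconds (constructed)
    free_bytes: int  # free memory reported by the device
    ikev2_sas: int   # established IKEv2 SAs at the same poll


def leak_rate(samples: List[Sample]) -> float:
    """Least-squares slope of free memory over time, in bytes/second.
    Negative means free memory is shrinking."""
    n = len(samples)
    if n < 2:
        return 0.0
    mean_t = sum(s.t for s in samples) / n
    mean_f = sum(s.free_bytes for s in samples) / n
    num = sum((s.t - mean_t) * (s.free_bytes - mean_f) for s in samples)
    den = sum((s.t - mean_t) ** 2 for s in samples)
    return num / den if den else 0.0


def assess(samples: List[Sample], min_loss_per_hour: float,
           max_sa_delta: int = 2) -> Optional[dict]:
    """Return an alert dict when free memory drops at least min_loss_per_hour
    bytes/hour while the SA count moves by at most max_sa_delta; else None.
    Memory that falls together with a rising SA count is load, not a leak."""
    if not samples:
        return None
    loss_per_hour = -leak_rate(samples) * 3600
    sa_delta = max(s.ikev2_sas for s in samples) - min(s.ikev2_sas for s in samples)
    if loss_per_hour < min_loss_per_hour or sa_delta > max_sa_delta:
        return None
    return {
        "loss_per_hour": loss_per_hour,
        "hours_to_exhaustion": samples[-1].free_bytes / loss_per_hour,
        "sa_delta": sa_delta,
    }


# Constructed 5-minute polls: ~1 MiB lost per poll, SA count steady (leak signature).
LEAKING = [Sample(300 * i, 400_000_000 - 1_048_576 * i, 12 + (i % 2)) for i in range(12)]
# Constructed 5-minute polls: memory falls while SAs climb (legitimate tunnel load).
LOAD = [Sample(300 * i, 400_000_000 - 2_000_000 * i, 12 + 3 * i) for i in range(12)]

if __name__ == "__main__":
    print("leak:", assess(LEAKING, 1_000_000))
    print("load:", assess(LOAD, 1_000_000))
```

The hours-to-exhaustion figure gives an operator a patch-or-reload deadline; lowering `max_sa_delta` makes the check stricter about attributing memory loss to session churn.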

Exploitation status

Public Exploit Available: false

Analyst recommendation

Cisco administrators should treat this as a high-priority update. Because this flaw impacts the availability of primary security gateways and routers, immediate patching is the only way to ensure continuous network operations and defense against DoS attacks.