Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability
Cisco Security Advisory
Emergency Support:
+1 877 228 7302 (toll-free within North America)
+1 408 525 6532 (International direct-dial)
Non-emergency Support:
Email: psirt@cisco.com
Support requests that are received via e-mail are typically acknowledged within 48 hours.
Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.
More information can be found in Cisco Security Vulnerability Policy available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
cisco-sa-20170927-ike
Final
1.1
1.0
2017-09-27T14:57:54
Initial public release.
1.1
2022-12-17T05:27:48
Updated exploitation information.
2017-09-27T16:00:00
2022-12-17T05:27:48
TVCE
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.
The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.
Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike"]
This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and have the Internet Security Association and Key Management Protocol (ISAKMP) enabled.
For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software ["#fixed"] section of this advisory.
Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled.
A device does not need to be configured with any IKEv2-specific features to be vulnerable.
Many features use IKEv2, including different types of VPNs such as the following:
LAN-to-LAN VPN
Remote-access VPN, excluding SSL VPN
Dynamic Multipoint VPN (DMVPN)
FlexVPN
The preferred method to determine whether a device has been configured for IKE is to issue the show ip sockets or show udp EXEC command in the CLI. If UDP port 500, UDP port 848, or UDP port 4500 is open on a device, the device is processing IKE packets.
In the following example, the device is processing IKE packets on UDP port 500 and UDP port 4500, using either IPv4 or IPv6:
router# show udp
Proto Remote Port Local Port In Out Stat TTY OutputIF 17 --listen-- 192.168.130.21 500 0 0 1001011 0 17(v6) --listen-- UNKNOWN 500 0 0 1020011 0 17 --listen-- 192.168.130.21 4500 0 0 1001011 0 17(v6) --listen-- UNKNOWN 4500 0 0 1020011 0 . . . router#
Determining the Cisco IOS Software Release
To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.
The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Mon 22-Jun-15 09:32 by prod_rel_team . . .
For information about the naming and numbering conventions for Cisco IOS Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
Determining the Cisco IOS XE Software Release
To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.
The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:
ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Sun 27-Mar-16 21:47 by mcpre . . .
For information about the naming and numbering conventions for Cisco IOS XE Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
No other Cisco products are currently known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.
Cisco has also confirmed that this vulnerability does not affect Cisco ASA 5500 Series Adaptive Security Appliances.
The IKEv2 protocol is used in the IPsec protocol suite to negotiate cryptographic attributes that will be used to encrypt or authenticate the communication session. These attributes include the cryptographic algorithm, mode, and shared keys. The result of an IKE negotiation is a shared session secret that will be used to derive cryptographic keys.
Cisco IOS Software and Cisco IOS XE Software support IKEv2 for IPv4 and IPv6 communications. IKEv2 communications can use the following UDP ports:
UDP port 500
UDP port 848, Group Domain of Interpretation (GDOI)
UDP port 4500, Network Address Translation Traversal (NAT-T)
Only IKEv2 packets can trigger this vulnerability. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software when ISAKMP is enabled, the vulnerability can be triggered only by sending IKEv2 packets.
An attacker could exploit this vulnerability using either IPv4 or IPv6 on any of the listed UDP ports.
Depending on the platform and exploit used, impacts of exploitation may differ by platform, including high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.
This vulnerability could lead to high CPU utilization by the Crypto IKEv2 process. The following example shows high CPU utilization that may be caused by this vulnerability:
Router# sh proc cpu sorted
CPU utilization for five seconds: 99%/6%; one minute: 64%; five minutes: 52% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 391 2949388 188131 15677 83.72% 53.79% 43.27% 0 Crypto IKEv2
Traceback messages triggered by this vulnerability would note CPUHOG indicators for the Crypto IKEv2 process. The following example shows a traceback message that may be caused by this vulnerability:
date-time: %SYS-3-CPUHOG: Task is running for (2275)msecs, more than (2000)msecs (0/0),process = Crypto IKEv2
If the device reloads because of this vulnerability, the resulting message would indicate that the Crypto IKEv2 process caused the reload. The following example shows a device reload that results from this vulnerability:
IOSXE-WATCHDOG: Process = Crypto IKEv2
If the software release on the device supports the crypto ikev2 limit queue sa-init configuration command (see Cisco bug CSCvc12306 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc12306"]), using this command is equivalent to performing an upgrade to a fixed release. Otherwise, there are no workarounds that address this vulnerability.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/selectIOSVersion.x"], that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use this tool to perform the following tasks:
Initiate a search by choosing one or more releases from a drop-down menu or uploading a file from a local system for the tool to parse
Enter the output of the show version command for the tool to parse
Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication
To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/selectIOSVersion.x"] on Cisco.com or enter a Cisco IOS Software or Cisco IOS XE Software release-for example, 15.1(4)M2 or 3.13.8S-in the following field:
For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
In March 2022, the Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.
This vulnerability was found during the resolution of a Cisco TAC support case.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-63410
Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
Cisco IOS 15.2(2)S
Cisco IOS 15.2(4)S
Cisco IOS 15.2(2)S1
Cisco IOS 15.2(2)S2
Cisco IOS 15.2(2)S0a
Cisco IOS 15.2(2)S0c
Cisco IOS 15.2(2)S0d
Cisco IOS 15.2(4)S1
Cisco IOS 15.2(4)S4
Cisco IOS 15.2(4)S6
Cisco IOS 15.2(4)S2
Cisco IOS 15.2(4)S5
Cisco IOS 15.2(4)S3
Cisco IOS 15.2(4)S0c
Cisco IOS 15.2(4)S1c
Cisco IOS 15.2(4)S3a
Cisco IOS 15.2(4)S4a
Cisco IOS 15.2(4)S7
Cisco IOS 15.2(4)S8
Cisco IOS 15.3(1)T
Cisco IOS 15.3(2)T
Cisco IOS 15.3(1)T1
Cisco IOS 15.3(1)T2
Cisco IOS 15.3(1)T3
Cisco IOS 15.3(1)T4
Cisco IOS 15.3(2)T1
Cisco IOS 15.3(2)T2
Cisco IOS 15.3(2)T3
Cisco IOS 15.3(2)T4
Cisco IOS 15.0(2)SE1
Cisco IOS 15.0(2)SE2
Cisco IOS 15.0(2)SE3
Cisco IOS 15.0(2)SE4
Cisco IOS 15.0(2)SE5
Cisco IOS 15.0(2)SE6
Cisco IOS 15.0(2)SE7
Cisco IOS 15.0(2)SE8
Cisco IOS 15.0(2)SE9
Cisco IOS 15.0(2a)SE9
Cisco IOS 15.0(2)SE10
Cisco IOS 15.0(2)SE11
Cisco IOS 15.0(2)SE10a
Cisco IOS 15.0(2)SE12
Cisco IOS 15.0(2)SE13
Cisco IOS 15.0(2)SE13a
Cisco IOS 15.0(2)SE13b
Cisco IOS 15.0(2)SE13c
Cisco IOS 15.0(2)SE13d
Cisco IOS 15.2(4)M
Cisco IOS 15.2(4)M1
Cisco IOS 15.2(4)M2
Cisco IOS 15.2(4)M4
Cisco IOS 15.2(4)M3
Cisco IOS 15.2(4)M5
Cisco IOS 15.2(4)M8
Cisco IOS 15.2(4)M10
Cisco IOS 15.2(4)M7
Cisco IOS 15.2(4)M6
Cisco IOS 15.2(4)M9
Cisco IOS 15.2(4)M6b
Cisco IOS 15.2(4)M6a
Cisco IOS 15.2(4)M11
Cisco IOS 15.0(2)EX
Cisco IOS 15.0(2)EX1
Cisco IOS 15.0(2)EX2
Cisco IOS 15.0(2)EX3
Cisco IOS 15.0(2)EX4
Cisco IOS 15.0(2)EX5
Cisco IOS 15.0(2)EX6
Cisco IOS 15.0(2)EX7
Cisco IOS 15.0(2)EX8
Cisco IOS 15.0(2a)EX5
Cisco IOS 15.2(2)GC
Cisco IOS 15.2(3)GC
Cisco IOS 15.2(3)GC1
Cisco IOS 15.2(4)GC
Cisco IOS 15.2(4)GC1
Cisco IOS 15.2(4)GC2
Cisco IOS 15.2(4)GC3
Cisco IOS 15.1(1)SY
Cisco IOS 15.1(1)SY1
Cisco IOS 15.1(2)SY
Cisco IOS 15.1(2)SY1
Cisco IOS 15.1(2)SY2
Cisco IOS 15.1(1)SY2
Cisco IOS 15.1(1)SY3
Cisco IOS 15.1(2)SY3
Cisco IOS 15.1(1)SY4
Cisco IOS 15.1(2)SY4
Cisco IOS 15.1(1)SY5
Cisco IOS 15.1(2)SY5
Cisco IOS 15.1(2)SY4a
Cisco IOS 15.1(1)SY6
Cisco IOS 15.1(2)SY6
Cisco IOS 15.1(2)SY7
Cisco IOS 15.1(2)SY8
Cisco IOS 15.1(2)SY9
Cisco IOS 15.1(2)SY10
Cisco IOS 15.3(1)S
Cisco IOS 15.3(2)S
Cisco IOS 15.3(3)S
Cisco IOS 15.3(1)S2
Cisco IOS 15.3(1)S1
Cisco IOS 15.3(2)S2
Cisco IOS 15.3(2)S1
Cisco IOS 15.3(1)S1e
Cisco IOS 15.3(3)S1
Cisco IOS 15.3(3)S2
Cisco IOS 15.3(3)S3
Cisco IOS 15.3(3)S6
Cisco IOS 15.3(3)S4
Cisco IOS 15.3(3)S1a
Cisco IOS 15.3(3)S5
Cisco IOS 15.3(3)S2a
Cisco IOS 15.3(3)S7
Cisco IOS 15.3(3)S8
Cisco IOS 15.3(3)S6a
Cisco IOS 15.3(3)S9
Cisco IOS 15.3(3)S8a
Cisco IOS 15.4(1)T
Cisco IOS 15.4(2)T
Cisco IOS 15.4(1)T2
Cisco IOS 15.4(1)T1
Cisco IOS 15.4(1)T3
Cisco IOS 15.4(2)T1
Cisco IOS 15.4(2)T3
Cisco IOS 15.4(2)T2
Cisco IOS 15.4(1)T4
Cisco IOS 15.4(2)T4
Cisco IOS 15.2(1)E
Cisco IOS 15.2(2)E
Cisco IOS 15.2(1)E1
Cisco IOS 15.2(3)E
Cisco IOS 15.2(1)E2
Cisco IOS 15.2(1)E3
Cisco IOS 15.2(2)E1
Cisco IOS 15.2(2b)E
Cisco IOS 15.2(4)E
Cisco IOS 15.2(3)E1
Cisco IOS 15.2(2)E2
Cisco IOS 15.2(2a)E1
Cisco IOS 15.2(2)E3
Cisco IOS 15.2(2a)E2
Cisco IOS 15.2(3)E2
Cisco IOS 15.2(3a)E
Cisco IOS 15.2(3)E3
Cisco IOS 15.2(3m)E2
Cisco IOS 15.2(4)E1
Cisco IOS 15.2(2)E4
Cisco IOS 15.2(2)E5
Cisco IOS 15.2(4)E2
Cisco IOS 15.2(4m)E1
Cisco IOS 15.2(3)E4
Cisco IOS 15.2(5)E
Cisco IOS 15.2(3m)E7
Cisco IOS 15.2(4)E3
Cisco IOS 15.2(2)E6
Cisco IOS 15.2(5a)E
Cisco IOS 15.2(5)E1
Cisco IOS 15.2(5b)E
Cisco IOS 15.2(4m)E3
Cisco IOS 15.2(3m)E8
Cisco IOS 15.2(2)E5a
Cisco IOS 15.2(5c)E
Cisco IOS 15.2(3)E5
Cisco IOS 15.2(2)E5b
Cisco IOS 15.2(4n)E2
Cisco IOS 15.2(4o)E2
Cisco IOS 15.2(5a)E1
Cisco IOS 15.2(4)E4
Cisco IOS 15.2(5)E2
Cisco IOS 15.2(4p)E1
Cisco IOS 15.2(5)E2b
Cisco IOS 15.2(5)E2c
Cisco IOS 15.2(4m)E2
Cisco IOS 15.2(4o)E3
Cisco IOS 15.2(4q)E1
Cisco IOS 15.2(4s)E1
Cisco IOS 15.2(4s)E2
Cisco IOS 15.4(1)S
Cisco IOS 15.4(2)S
Cisco IOS 15.4(3)S
Cisco IOS 15.4(1)S1
Cisco IOS 15.4(1)S2
Cisco IOS 15.4(2)S1
Cisco IOS 15.4(1)S3
Cisco IOS 15.4(3)S1
Cisco IOS 15.4(2)S2
Cisco IOS 15.4(3)S2
Cisco IOS 15.4(3)S3
Cisco IOS 15.4(1)S4
Cisco IOS 15.4(2)S3
Cisco IOS 15.4(2)S4
Cisco IOS 15.4(3)S0d
Cisco IOS 15.4(3)S4
Cisco IOS 15.4(3)S0e
Cisco IOS 15.4(3)S5
Cisco IOS 15.4(3)S0f
Cisco IOS 15.4(3)S6
Cisco IOS 15.4(3)S7
Cisco IOS 15.4(3)S6a
Cisco IOS 15.3(3)M
Cisco IOS 15.3(3)M1
Cisco IOS 15.3(3)M2
Cisco IOS 15.3(3)M3
Cisco IOS 15.3(3)M5
Cisco IOS 15.3(3)M4
Cisco IOS 15.3(3)M6
Cisco IOS 15.3(3)M7
Cisco IOS 15.3(3)M8
Cisco IOS 15.3(3)M9
Cisco IOS 15.3(3)M8a
Cisco IOS 15.0(2)EZ
Cisco IOS 15.2(2)SC3
Cisco IOS 15.2(1)EY
Cisco IOS 15.0(2)EJ
Cisco IOS 15.0(2)EJ1
Cisco IOS 15.2(1)SY
Cisco IOS 15.2(1)SY1
Cisco IOS 15.2(1)SY0a
Cisco IOS 15.2(1)SY2
Cisco IOS 15.2(2)SY
Cisco IOS 15.2(1)SY1a
Cisco IOS 15.2(2)SY1
Cisco IOS 15.2(2)SY2
Cisco IOS 15.2(1)SY3
Cisco IOS 15.2(1)SY4
Cisco IOS 15.2(2)SY3
Cisco IOS 15.4(3)M
Cisco IOS 15.4(3)M1
Cisco IOS 15.4(3)M2
Cisco IOS 15.4(3)M3
Cisco IOS 15.4(3)M4
Cisco IOS 15.4(3)M5
Cisco IOS 15.4(3)M6
Cisco IOS 15.4(3)M7
Cisco IOS 15.4(3)M6a
Cisco IOS 15.4(3)M7a
Cisco IOS 15.2(4)JAZ1
Cisco IOS 15.3(3)XB12
Cisco IOS 15.4(1)CG
Cisco IOS 15.4(1)CG1
Cisco IOS 15.4(2)CG
Cisco IOS 15.5(1)S
Cisco IOS 15.5(2)S
Cisco IOS 15.5(1)S1
Cisco IOS 15.5(3)S
Cisco IOS 15.5(1)S2
Cisco IOS 15.5(1)S3
Cisco IOS 15.5(2)S1
Cisco IOS 15.5(2)S2
Cisco IOS 15.5(3)S1
Cisco IOS 15.5(3)S1a
Cisco IOS 15.5(2)S3
Cisco IOS 15.5(3)S2
Cisco IOS 15.5(3)S0a
Cisco IOS 15.5(3)S3
Cisco IOS 15.5(1)S4
Cisco IOS 15.5(2)S4
Cisco IOS 15.5(3)S4
Cisco IOS 15.5(3)S5
Cisco IOS 15.2(2)EB
Cisco IOS 15.2(2)EB1
Cisco IOS 15.2(2)EB2
Cisco IOS 15.5(1)T
Cisco IOS 15.5(1)T1
Cisco IOS 15.5(2)T
Cisco IOS 15.5(1)T2
Cisco IOS 15.5(1)T3
Cisco IOS 15.5(2)T1
Cisco IOS 15.5(2)T2
Cisco IOS 15.5(2)T3
Cisco IOS 15.5(2)T4
Cisco IOS 15.5(1)T4
Cisco IOS 15.2(2)EA
Cisco IOS 15.2(2)EA1
Cisco IOS 15.2(2)EA2
Cisco IOS 15.2(3)EA
Cisco IOS 15.2(4)EA
Cisco IOS 15.2(4)EA1
Cisco IOS 15.2(2)EA3
Cisco IOS 15.2(4)EA3
Cisco IOS 15.2(5)EA
Cisco IOS 15.2(4)EA4
Cisco IOS 15.2(4)EA2
Cisco IOS 15.2(4)EA5
Cisco IOS 15.4(2)SN
Cisco IOS 15.4(2)SN1
Cisco IOS 15.4(3)SN1
Cisco IOS 15.4(3)SN1a
Cisco IOS 15.5(3)M
Cisco IOS 15.5(3)M1
Cisco IOS 15.5(3)M0a
Cisco IOS 15.5(3)M2
Cisco IOS 15.5(3)M2a
Cisco IOS 15.5(3)M3
Cisco IOS 15.5(3)M4
Cisco IOS 15.5(3)M4a
Cisco IOS 15.5(3)M5
Cisco IOS 15.5(3)M4b
Cisco IOS 15.5(3)M4c
Cisco IOS 15.3(3)JAA1
Cisco IOS 15.5(1)SN
Cisco IOS 15.5(1)SN1
Cisco IOS 15.5(2)SN
Cisco IOS 15.5(3)SN0a
Cisco IOS 15.5(3)SN
Cisco IOS 15.0(2)SQD7
Cisco IOS 15.6(1)S
Cisco IOS 15.6(2)S
Cisco IOS 15.6(2)S1
Cisco IOS 15.6(1)S1
Cisco IOS 15.6(1)S2
Cisco IOS 15.6(2)S2
Cisco IOS 15.6(1)S3
Cisco IOS 15.6(2)S3
Cisco IOS 15.6(1)T
Cisco IOS 15.6(2)T
Cisco IOS 15.6(1)T0a
Cisco IOS 15.6(1)T1
Cisco IOS 15.6(2)T1
Cisco IOS 15.6(1)T2
Cisco IOS 15.6(2)T0a
Cisco IOS 15.6(2)T2
Cisco IOS 15.6(1)T3
Cisco IOS 15.3(3)JBB6a
Cisco IOS 15.3(1)SY
Cisco IOS 15.3(0)SY
Cisco IOS 15.3(1)SY1
Cisco IOS 15.3(1)SY2
Cisco IOS 15.3(3)JNC4
Cisco IOS 15.5(2)XB
Cisco IOS 15.6(2)SP
Cisco IOS 15.6(2)SP1
Cisco IOS 15.6(2)SP2
Cisco IOS 15.6(1)SN
Cisco IOS 15.6(1)SN1
Cisco IOS 15.6(2)SN
Cisco IOS 15.6(1)SN2
Cisco IOS 15.6(1)SN3
Cisco IOS 15.6(3)SN
Cisco IOS 15.6(4)SN
Cisco IOS 15.6(5)SN
Cisco IOS 15.6(6)SN
Cisco IOS 15.6(7)SN
Cisco IOS 15.6(7)SN1
Cisco IOS 15.6(7)SN2
Cisco IOS 15.6(7)SN3
Cisco IOS 15.3(3)JPB
Cisco IOS 15.6(3)M
Cisco IOS 15.6(3)M1
Cisco IOS 15.6(3)M0a
Cisco IOS 15.6(3)M1a
Cisco IOS 15.6(3)M1b
Cisco IOS 15.6(3)M2
Cisco IOS 15.6(3)M2a
Cisco IOS 15.2(4)EC1
Cisco IOS 15.2(4)EC2
Cisco IOS 15.3(3)JPC3
Cisco IOS 15.3(3)JND2
Cisco IOS 15.4(1)SY
Cisco IOS 15.4(1)SY1
Cisco IOS 15.4(1)SY2
Cisco IOS 15.5(1)SY
Cisco IOS 15.3(3)JCA7
Cisco IOS 15.3(3)JPI
Cisco IOS 15.3(3)JPJ
Cisco IOS XE Software 3.7.0S
Cisco IOS XE Software 3.7.1S
Cisco IOS XE Software 3.7.2S
Cisco IOS XE Software 3.7.3S
Cisco IOS XE Software 3.7.4S
Cisco IOS XE Software 3.7.5S
Cisco IOS XE Software 3.7.6S
Cisco IOS XE Software 3.7.7S
Cisco IOS XE Software 3.7.8S
Cisco IOS XE Software 3.7.4aS
Cisco IOS XE Software 3.7.2tS
Cisco IOS XE Software 3.7.0bS
Cisco IOS XE Software 3.7.1aS
Cisco IOS XE Software 3.8.0S
Cisco IOS XE Software 3.8.1S
Cisco IOS XE Software 3.8.2S
Cisco IOS XE Software 3.9.1S
Cisco IOS XE Software 3.9.0S
Cisco IOS XE Software 3.9.2S
Cisco IOS XE Software 3.9.0xaS
Cisco IOS XE Software 3.9.1aS
Cisco IOS XE Software 3.9.0aS
Cisco IOS XE Software 3.5.0E
Cisco IOS XE Software 3.5.1E
Cisco IOS XE Software 3.5.2E
Cisco IOS XE Software 3.5.3E
Cisco IOS XE Software 3.10.0S
Cisco IOS XE Software 3.10.1S
Cisco IOS XE Software 3.10.2S
Cisco IOS XE Software 3.10.3S
Cisco IOS XE Software 3.10.4S
Cisco IOS XE Software 3.10.5S
Cisco IOS XE Software 3.10.6S
Cisco IOS XE Software 3.10.1xcS
Cisco IOS XE Software 3.10.2aS
Cisco IOS XE Software 3.10.2tS
Cisco IOS XE Software 3.10.7S
Cisco IOS XE Software 3.10.1xbS
Cisco IOS XE Software 3.10.8S
Cisco IOS XE Software 3.10.8aS
Cisco IOS XE Software 3.10.9S
Cisco IOS XE Software 3.11.1S
Cisco IOS XE Software 3.11.2S
Cisco IOS XE Software 3.11.0S
Cisco IOS XE Software 3.11.3S
Cisco IOS XE Software 3.11.4S
Cisco IOS XE Software 3.12.0S
Cisco IOS XE Software 3.12.1S
Cisco IOS XE Software 3.12.2S
Cisco IOS XE Software 3.12.3S
Cisco IOS XE Software 3.12.0aS
Cisco IOS XE Software 3.12.4S
Cisco IOS XE Software 3.13.0S
Cisco IOS XE Software 3.13.1S
Cisco IOS XE Software 3.13.2S
Cisco IOS XE Software 3.13.3S
Cisco IOS XE Software 3.13.4S
Cisco IOS XE Software 3.13.5S
Cisco IOS XE Software 3.13.2aS
Cisco IOS XE Software 3.13.0aS
Cisco IOS XE Software 3.13.5aS
Cisco IOS XE Software 3.13.6S
Cisco IOS XE Software 3.13.7S
Cisco IOS XE Software 3.13.6aS
Cisco IOS XE Software 3.13.6bS
Cisco IOS XE Software 3.13.7aS
Cisco IOS XE Software 3.6.0E
Cisco IOS XE Software 3.6.1E
Cisco IOS XE Software 3.6.0aE
Cisco IOS XE Software 3.6.0bE
Cisco IOS XE Software 3.6.2aE
Cisco IOS XE Software 3.6.2E
Cisco IOS XE Software 3.6.3E
Cisco IOS XE Software 3.6.4E
Cisco IOS XE Software 3.6.5E
Cisco IOS XE Software 3.6.6E
Cisco IOS XE Software 3.6.5aE
Cisco IOS XE Software 3.6.5bE
Cisco IOS XE Software 3.14.0S
Cisco IOS XE Software 3.14.1S
Cisco IOS XE Software 3.14.2S
Cisco IOS XE Software 3.14.3S
Cisco IOS XE Software 3.14.4S
Cisco IOS XE Software 3.15.0S
Cisco IOS XE Software 3.15.1S
Cisco IOS XE Software 3.15.2S
Cisco IOS XE Software 3.15.1cS
Cisco IOS XE Software 3.15.3S
Cisco IOS XE Software 3.15.4S
Cisco IOS XE Software 3.7.0E
Cisco IOS XE Software 3.7.1E
Cisco IOS XE Software 3.7.2E
Cisco IOS XE Software 3.7.3E
Cisco IOS XE Software 3.7.4E
Cisco IOS XE Software 3.7.5E
Cisco IOS XE Software 3.16.0S
Cisco IOS XE Software 3.16.1S
Cisco IOS XE Software 3.16.0aS
Cisco IOS XE Software 3.16.1aS
Cisco IOS XE Software 3.16.2S
Cisco IOS XE Software 3.16.2aS
Cisco IOS XE Software 3.16.0bS
Cisco IOS XE Software 3.16.0cS
Cisco IOS XE Software 3.16.3S
Cisco IOS XE Software 3.16.2bS
Cisco IOS XE Software 3.16.3aS
Cisco IOS XE Software 3.16.4S
Cisco IOS XE Software 3.16.4aS
Cisco IOS XE Software 3.16.4bS
Cisco IOS XE Software 3.16.4gS
Cisco IOS XE Software 3.16.5S
Cisco IOS XE Software 3.16.4cS
Cisco IOS XE Software 3.16.4dS
Cisco IOS XE Software 3.16.4eS
Cisco IOS XE Software 3.17.0S
Cisco IOS XE Software 3.17.1S
Cisco IOS XE Software 3.17.2S
Cisco IOS XE Software 3.17.1aS
Cisco IOS XE Software 3.17.3S
Cisco IOS XE Software 16.1.1
Cisco IOS XE Software 16.1.2
Cisco IOS XE Software 16.1.3
Cisco IOS XE Software 16.2.1
Cisco IOS XE Software 16.2.2
Cisco IOS XE Software 3.8.0E
Cisco IOS XE Software 3.8.1E
Cisco IOS XE Software 3.8.2E
Cisco IOS XE Software 3.8.3E
Cisco IOS XE Software 3.8.4E
Cisco IOS XE Software 16.3.1
Cisco IOS XE Software 16.3.2
Cisco IOS XE Software 16.3.3
Cisco IOS XE Software 16.3.1a
Cisco IOS XE Software 16.3.4
Cisco IOS XE Software 16.4.1
Cisco IOS XE Software 16.4.2
Cisco IOS XE Software 16.5.1
Cisco IOS XE Software 16.5.1a
Cisco IOS XE Software 16.5.1b
Cisco IOS XE Software 3.18.0aS
Cisco IOS XE Software 3.18.0S
Cisco IOS XE Software 3.18.1S
Cisco IOS XE Software 3.18.2S
Cisco IOS XE Software 3.18.3S
Cisco IOS XE Software 3.18.0SP
Cisco IOS XE Software 3.18.1SP
Cisco IOS XE Software 3.18.1aSP
Cisco IOS XE Software 3.18.1gSP
Cisco IOS XE Software 3.18.1bSP
Cisco IOS XE Software 3.18.1cSP
Cisco IOS XE Software 3.18.2SP
Cisco IOS XE Software 3.18.1hSP
Cisco IOS XE Software 3.18.2aSP
Cisco IOS XE Software 3.18.1iSP
Cisco IOS XE Software 3.9.0E
Cisco IOS XE Software 3.9.1E
Cisco IOS XE Software 3.9.2E
Cisco IOS XE Software 3.9.2bE
Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability
CSCvc41277
CSCvc41277
Complete.
CVE-2017-12237
CVRFPID-103851
CVRFPID-106899
CVRFPID-107861
CVRFPID-111023
CVRFPID-112424
CVRFPID-112489
CVRFPID-113970
CVRFPID-114419
CVRFPID-115285
CVRFPID-115687
CVRFPID-115939
CVRFPID-115981
CVRFPID-116082
CVRFPID-116083
CVRFPID-116219
CVRFPID-116256
CVRFPID-116726
CVRFPID-116772
CVRFPID-116774
CVRFPID-117359
CVRFPID-117681
CVRFPID-117682
CVRFPID-117683
CVRFPID-117783
CVRFPID-117789
CVRFPID-117800
CVRFPID-117801
CVRFPID-117802
CVRFPID-117803
CVRFPID-117804
CVRFPID-183811
CVRFPID-183813
CVRFPID-183835
CVRFPID-183836
CVRFPID-183837
CVRFPID-183838
CVRFPID-183839
CVRFPID-184932
CVRFPID-184933
CVRFPID-187057
CVRFPID-187147
CVRFPID-187231
CVRFPID-187232
CVRFPID-187412
CVRFPID-187425
CVRFPID-187962
CVRFPID-188008
CVRFPID-188061
CVRFPID-188198
CVRFPID-189064
CVRFPID-189115
CVRFPID-189219
CVRFPID-189455
CVRFPID-189617
CVRFPID-189765
CVRFPID-190432
CVRFPID-190493
CVRFPID-190635
CVRFPID-190637
CVRFPID-190980
CVRFPID-191331
CVRFPID-191336
CVRFPID-191635
CVRFPID-191686
CVRFPID-191928
CVRFPID-191942
CVRFPID-191948
CVRFPID-191997
CVRFPID-192443
CVRFPID-192706
CVRFPID-192726
CVRFPID-192910
CVRFPID-193284
CVRFPID-193315
CVRFPID-193316
CVRFPID-193321
CVRFPID-193347
CVRFPID-193350
CVRFPID-193406
CVRFPID-193407
CVRFPID-193408
CVRFPID-193409
CVRFPID-193544
CVRFPID-194540
CVRFPID-194877
CVRFPID-194913
CVRFPID-194942
CVRFPID-194944
CVRFPID-195024
CVRFPID-195062
CVRFPID-195469
CVRFPID-195770
CVRFPID-195876
CVRFPID-195943
CVRFPID-195977
CVRFPID-196114
CVRFPID-196255
CVRFPID-196256
CVRFPID-196322
CVRFPID-197457
CVRFPID-197462
CVRFPID-197469
CVRFPID-197471
CVRFPID-197474
CVRFPID-197477
CVRFPID-197483
CVRFPID-197495
CVRFPID-198059
CVRFPID-198060
CVRFPID-198063
CVRFPID-198065
CVRFPID-198066
CVRFPID-198067
CVRFPID-198309
CVRFPID-198426
CVRFPID-198528
CVRFPID-200485
CVRFPID-200487
CVRFPID-200488
CVRFPID-200495
CVRFPID-200496
CVRFPID-200499
CVRFPID-200503
CVRFPID-200506
CVRFPID-200509
CVRFPID-200634
CVRFPID-201019
CVRFPID-201074
CVRFPID-201189
CVRFPID-201259
CVRFPID-201366
CVRFPID-201595
CVRFPID-201713
CVRFPID-202559
CVRFPID-202715
CVRFPID-203066
CVRFPID-204095
CVRFPID-204097
CVRFPID-204102
CVRFPID-204104
CVRFPID-204105
CVRFPID-204106
CVRFPID-204107
CVRFPID-204108
CVRFPID-204109
CVRFPID-204110
CVRFPID-204186
CVRFPID-204228
CVRFPID-204279
CVRFPID-204281
CVRFPID-204282
CVRFPID-204818
CVRFPID-204822
CVRFPID-204828
CVRFPID-204830
CVRFPID-204831
CVRFPID-204832
CVRFPID-204901
CVRFPID-205064
CVRFPID-205516
CVRFPID-205517
CVRFPID-205670
CVRFPID-205672
CVRFPID-205721
CVRFPID-209028
CVRFPID-209029
CVRFPID-209043
CVRFPID-209044
CVRFPID-209045
CVRFPID-209046
CVRFPID-209047
CVRFPID-209049
CVRFPID-209050
CVRFPID-209051
CVRFPID-209059
CVRFPID-209060
CVRFPID-209063
CVRFPID-209064
CVRFPID-209065
CVRFPID-209091
CVRFPID-209093
CVRFPID-209094
CVRFPID-209095
CVRFPID-209096
CVRFPID-209097
CVRFPID-209098
CVRFPID-209099
CVRFPID-209101
CVRFPID-209102
CVRFPID-209103
CVRFPID-209104
CVRFPID-209105
CVRFPID-209106
CVRFPID-209107
CVRFPID-209109
CVRFPID-209110
CVRFPID-209111
CVRFPID-209112
CVRFPID-209113
CVRFPID-209115
CVRFPID-209268
CVRFPID-209358
CVRFPID-209359
CVRFPID-209360
CVRFPID-209439
CVRFPID-209455
CVRFPID-209532
CVRFPID-209569
CVRFPID-209632
CVRFPID-209839
CVRFPID-209887
CVRFPID-209929
CVRFPID-209936
CVRFPID-210129
CVRFPID-210203
CVRFPID-210344
CVRFPID-210406
CVRFPID-210407
CVRFPID-210766
CVRFPID-210958
CVRFPID-211296
CVRFPID-211297
CVRFPID-211408
CVRFPID-211603
CVRFPID-211618
CVRFPID-211751
CVRFPID-211825
CVRFPID-211976
CVRFPID-211984
CVRFPID-212118
CVRFPID-212127
CVRFPID-212321
CVRFPID-212329
CVRFPID-212407
CVRFPID-212445
CVRFPID-212635
CVRFPID-212701
CVRFPID-213000
CVRFPID-213001
CVRFPID-213002
CVRFPID-213023
CVRFPID-213032
CVRFPID-213034
CVRFPID-213086
CVRFPID-213594
CVRFPID-213610
CVRFPID-213633
CVRFPID-213770
CVRFPID-213788
CVRFPID-213789
CVRFPID-213794
CVRFPID-213795
CVRFPID-213843
CVRFPID-214052
CVRFPID-214053
CVRFPID-214072
CVRFPID-214074
CVRFPID-214078
CVRFPID-214161
CVRFPID-214166
CVRFPID-214217
CVRFPID-214218
CVRFPID-214479
CVRFPID-214480
CVRFPID-214556
CVRFPID-214938
CVRFPID-214965
CVRFPID-216215
CVRFPID-216239
CVRFPID-216258
CVRFPID-216259
CVRFPID-216295
CVRFPID-216344
CVRFPID-216419
CVRFPID-216577
CVRFPID-216961
CVRFPID-216962
CVRFPID-217805
CVRFPID-217807
CVRFPID-218891
CVRFPID-218995
CVRFPID-218996
CVRFPID-218997
CVRFPID-220038
CVRFPID-220396
CVRFPID-220440
CVRFPID-220441
CVRFPID-220443
CVRFPID-220444
CVRFPID-220445
CVRFPID-220457
CVRFPID-220460
CVRFPID-220461
CVRFPID-220466
CVRFPID-220507
CVRFPID-220521
CVRFPID-220522
CVRFPID-220594
CVRFPID-220650
CVRFPID-220664
CVRFPID-220673
CVRFPID-220674
CVRFPID-220675
CVRFPID-220689
CVRFPID-221033
CVRFPID-221093
CVRFPID-221137
CVRFPID-222275
CVRFPID-222342
CVRFPID-222419
CVRFPID-222436
CVRFPID-222500
CVRFPID-222650
CVRFPID-222651
CVRFPID-222924
CVRFPID-222931
CVRFPID-222988
CVRFPID-222989
CVRFPID-223085
CVRFPID-223086
CVRFPID-223143
CVRFPID-223189
CVRFPID-224327
CVRFPID-224443
CVRFPID-224553
CVRFPID-224566
CVRFPID-224611
CVRFPID-225167
CVRFPID-225662
CVRFPID-225667
CVRFPID-225668
CVRFPID-225740
CVRFPID-225786
CVRFPID-226076
CVRFPID-226077
CVRFPID-226202
CVRFPID-227172
CVRFPID-227250
CVRFPID-227285
CVRFPID-227364
CVRFPID-227613
CVRFPID-227754
CVRFPID-228151
CVRFPID-230588
CVRFPID-230589
CVRFPID-230590
CVRFPID-230594
CVRFPID-230612
CVRFPID-230613
CVRFPID-230614
CVRFPID-230616
CVRFPID-232093
CVRFPID-234926
CVRFPID-236297
CVRFPID-241916
CVRFPID-245380
CVRFPID-250628
CVRFPID-254081
CVRFPID-262382
CVRFPID-274199
CVRFPID-274202
CVRFPID-275327
CVRFPID-275845
CVRFPID-278136
CVRFPID-280778
CVRFPID-286843
CVRFPID-292684
CVRFPID-184480
CVRFPID-184481
CVRFPID-194730
CVRFPID-194731
CVRFPID-194732
CVRFPID-194735
CVRFPID-194736
CVRFPID-194737
CVRFPID-194842
CVRFPID-194843
CVRFPID-197145
CVRFPID-198123
CVRFPID-198124
CVRFPID-198125
CVRFPID-200768
CVRFPID-200770
CVRFPID-200771
CVRFPID-201495
CVRFPID-202539
CVRFPID-202540
CVRFPID-202541
CVRFPID-202542
CVRFPID-202558
CVRFPID-203353
CVRFPID-206159
CVRFPID-206160
CVRFPID-206161
CVRFPID-206162
CVRFPID-206168
CVRFPID-206169
CVRFPID-206170
CVRFPID-206172
CVRFPID-206173
CVRFPID-206174
CVRFPID-206175
CVRFPID-206176
CVRFPID-206178
CVRFPID-206180
CVRFPID-206181
CVRFPID-206188
CVRFPID-206189
CVRFPID-206190
CVRFPID-206191
CVRFPID-206192
CVRFPID-206193
CVRFPID-206211
CVRFPID-210073
CVRFPID-210074
CVRFPID-210075
CVRFPID-210076
CVRFPID-210077
CVRFPID-210078
CVRFPID-210079
CVRFPID-210081
CVRFPID-210264
CVRFPID-212268
CVRFPID-212408
CVRFPID-212411
CVRFPID-212412
CVRFPID-212436
CVRFPID-212674
CVRFPID-213100
CVRFPID-213469
CVRFPID-213470
CVRFPID-213471
CVRFPID-213472
CVRFPID-213473
CVRFPID-213474
CVRFPID-213475
CVRFPID-213476
CVRFPID-213477
CVRFPID-213478
CVRFPID-213557
CVRFPID-213580
CVRFPID-213635
CVRFPID-213642
CVRFPID-213661
CVRFPID-213700
CVRFPID-213776
CVRFPID-213777
CVRFPID-213778
CVRFPID-213779
CVRFPID-213781
CVRFPID-213790
CVRFPID-213797
CVRFPID-213798
CVRFPID-213799
CVRFPID-213809
CVRFPID-213811
CVRFPID-213812
CVRFPID-213815
CVRFPID-213816
CVRFPID-213825
CVRFPID-213955
CVRFPID-213957
CVRFPID-213960
CVRFPID-214051
CVRFPID-214993
CVRFPID-217234
CVRFPID-217253
CVRFPID-217255
CVRFPID-217256
CVRFPID-217257
CVRFPID-217259
CVRFPID-217260
CVRFPID-217261
CVRFPID-217262
CVRFPID-217263
CVRFPID-217264
CVRFPID-217265
CVRFPID-217266
CVRFPID-217267
CVRFPID-217268
CVRFPID-217270
CVRFPID-217271
CVRFPID-217272
CVRFPID-217273
CVRFPID-217276
CVRFPID-217279
CVRFPID-217280
CVRFPID-217282
CVRFPID-217283
CVRFPID-220290
CVRFPID-220357
CVRFPID-220489
CVRFPID-220517
CVRFPID-220687
CVRFPID-220688
CVRFPID-220802
CVRFPID-220993
CVRFPID-221108
CVRFPID-222257
CVRFPID-222435
CVRFPID-222483
CVRFPID-222693
CVRFPID-222694
CVRFPID-222695
CVRFPID-222711
CVRFPID-222925
CVRFPID-222942
CVRFPID-223018
CVRFPID-223019
CVRFPID-223241
CVRFPID-223252
CVRFPID-224424
CVRFPID-224702
CVRFPID-225168
CVRFPID-225337
CVRFPID-225359
CVRFPID-225568
CVRFPID-225569
CVRFPID-225784
CVRFPID-226078
CVRFPID-226158
CVRFPID-226160
CVRFPID-226330
CVRFPID-226354
CVRFPID-227755
8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
If the software release on the device supports the crypto ikev2 limit queue sa-init configuration command (see Cisco bug CSCvc12306 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc12306"]), using this command is equivalent to performing an upgrade to a fixed release. Otherwise, there are no workarounds that address this vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability