CVE-2025-20192

Description

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco

Problem types

Improper Handling of Undefined Values

Product status

3.13.0S
affected

3.13.1S
affected

3.13.2S
affected

3.13.3S
affected

3.13.4S
affected

3.13.5S
affected

3.13.6S
affected

3.13.7S
affected

3.13.6aS
affected

3.13.8S
affected

3.13.9S
affected

3.13.10S
affected

3.14.0S
affected

3.14.1S
affected

3.14.2S
affected

3.14.3S
affected

3.14.4S
affected

3.15.0S
affected

3.15.1S
affected

3.15.2S
affected

3.15.1cS
affected

3.15.3S
affected

3.15.4S
affected

3.16.0S
affected

3.16.1aS
affected

3.16.2S
affected

3.16.0cS
affected

3.16.3S
affected

3.16.4aS
affected

3.16.4bS
affected

3.16.5S
affected

3.16.4dS
affected

3.16.6S
affected

3.16.7S
affected

3.16.6bS
affected

3.16.7aS
affected

3.16.7bS
affected

3.16.8S
affected

3.16.9S
affected

3.16.10S
affected

3.17.0S
affected

3.17.1S
affected

3.17.2S
affected

3.17.3S
affected

3.17.4S
affected

16.2.1
affected

16.2.2
affected

16.3.1
affected

16.3.2
affected

16.3.3
affected

16.3.1a
affected

16.3.4
affected

16.3.5
affected

16.3.6
affected

16.3.7
affected

16.3.8
affected

16.3.9
affected

16.3.10
affected

16.3.11
affected

16.4.1
affected

16.4.2
affected

16.4.3
affected

16.5.1
affected

16.5.1b
affected

16.5.2
affected

16.5.3
affected

3.18.2aSP
affected

16.6.1
affected

16.6.2
affected

16.6.3
affected

16.6.4
affected

16.6.5
affected

16.6.6
affected

16.6.7
affected

16.6.8
affected

16.6.9
affected

16.6.10
affected

16.7.1
affected

16.7.2
affected

16.7.3
affected

16.8.1
affected

16.8.1s
affected

16.8.2
affected

16.8.3
affected

16.9.1
affected

16.9.2
affected

16.9.1s
affected

16.9.3
affected

16.9.4
affected

16.9.5
affected

16.9.6
affected

16.9.7
affected

16.9.8
affected

16.10.1
affected

16.10.1a
affected

16.10.1b
affected

16.10.1s
affected

16.10.1e
affected

16.10.2
affected

16.10.3
affected

16.11.1
affected

16.11.1a
affected

16.11.2
affected

16.11.1s
affected

16.12.1
affected

16.12.1s
affected

16.12.1a
affected

16.12.1c
affected

16.12.2
affected

16.12.3
affected

16.12.8
affected

16.12.2s
affected

16.12.4
affected

16.12.3s
affected

16.12.5
affected

16.12.6
affected

16.12.7
affected

17.1.1
affected

17.1.1s
affected

17.1.1t
affected

17.1.3
affected

17.2.1
affected

17.2.1r
affected

17.2.1v
affected

17.2.2
affected

17.2.3
affected

17.3.1
affected

17.3.2
affected

17.3.3
affected

17.3.1a
affected

17.3.4
affected

17.3.5
affected

17.3.4a
affected

17.3.6
affected

17.3.7
affected

17.3.8
affected

17.3.8a
affected

17.4.1
affected

17.4.2
affected

17.4.1a
affected

17.4.1b
affected

17.5.1
affected

17.5.1a
affected

17.6.1
affected

17.6.2
affected

17.6.1a
affected

17.6.3
affected

17.6.1y
affected

17.6.3a
affected

17.6.4
affected

17.6.5
affected

17.6.6
affected

17.6.6a
affected

17.6.5a
affected

17.6.7
affected

17.6.8
affected

17.6.8a
affected

17.7.1
affected

17.7.1a
affected

17.7.2
affected

17.10.1
affected

17.10.1a
affected

17.8.1
affected

17.8.1a
affected

17.9.1
affected

17.9.2
affected

17.9.1a
affected

17.9.3
affected

17.9.2a
affected

17.9.3a
affected

17.9.4
affected

17.9.5
affected

17.9.4a
affected

17.9.5a
affected

17.9.5b
affected

17.9.5e
affected

17.9.5f
affected

17.11.1
affected

17.11.1a
affected

17.12.1
affected

17.12.1a
affected

17.12.2
affected

17.12.3
affected

17.12.2a
affected

17.12.3a
affected

17.13.1
affected

17.13.1a
affected

17.14.1
affected

17.14.1a
affected

References

sec.cloudapps.cisco.com/...cisco-sa-iosxe-ikev1-dos-XHk3HzFC (cisco-sa-iosxe-ikev1-dos-XHk3HzFC)

cve.org (CVE-2025-20192)

nvd.nist.gov (CVE-2025-20192)

Download JSON