CVE-2024-20426: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability (CVE-2024-20426) was discovered in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability was disclosed on October 23, 2024, and received a CVSS base score of 8.6 (High). This security flaw affects Cisco ASA and FTD Software systems with IKEv2 protocol enabled (Cisco Advisory).

The vulnerability stems from insufficient input validation in the IKEv2 protocol implementation. It is classified as a NULL Pointer Dereference (CWE-476) vulnerability. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The impact specifically results in the device reloading, disrupting network services (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available for this vulnerability. Organizations using affected products should obtain security fixes through their usual update channels. To determine if IKEv2 is enabled on an interface, administrators can use the 'show running-config crypto ikev2 | include enable' CLI command (Cisco Advisory).