{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T18:07:47.472","vulnerabilities":[{"cve":{"id":"CVE-2021-40125","sourceIdentifier":"psirt@cisco.com","published":"2021-10-27T19:15:08.877","lastModified":"2024-11-21T06:23:37.697","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device."},{"lang":"es","value":"Una vulnerabilidad en la implementación del Intercambio de Claves de Internet Versión 2 (IKEv2) del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podría permitir a un atacante remoto autenticado desencadenar una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido a un control inapropiado de un recurso. Un atacante con la capacidad de falsificar un peer IKEv2 site-to-site VPN confiable y en posesión de credenciales IKEv2 válidas para ese peer podría explotar esta vulnerabilidad mediante el envío de mensajes IKEv2 malformados y autenticados a un dispositivo afectado. Una explotación con éxito podría permitir al atacante desencadenar una recarga del dispositivo"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:C","baseScore":6.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionEndExcluding":"6.4.0.13","matchCriteriaId":"5429F29E-BEE8-4989-B5F3-A9BABBF64D31"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.0","versionEndExcluding":"6.6.5","matchCriteriaId":"37A74256-AF9A-473B-9DC7-A57618BA9F00"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.0","versionEndExcluding":"6.7.0.3","matchCriteriaId":"98DEDDAB-B8C5-4753-A208-94638E694FC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.1","matchCriteriaId":"7B2F537A-A488-45B6-AD4B-48B7064AE84C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.8.0","versionEndExcluding":"9.8.4.40","matchCriteriaId":"8F6EF272-6D43-476C-B35D-DDE79A7A01C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.9.0","versionEndExcluding":"9.12.4.30","matchCriteriaId":"36510038-2C7B-45D4-8531-C0FFD3D913F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.14.0","versionEndExcluding":"9.14.3.9","matchCriteriaId":"C6828628-B179-4188-92CE-1D488859D92D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.15.0","versionEndExcluding":"9.15.1.17","matchCriteriaId":"F6EC0723-CBC7-45A7-8B30-B680E8A771EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.16.0","versionEndExcluding":"9.16.2","matchCriteriaId":"25DBA8C5-EB2F-4C01-88BA-EC2D720F9F7C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5512-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"BEEEB3EB-7AD9-4498-BEE5-12A374AEF0FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*","matchCriteriaId":"08F0F160-DAD2-48D4-B7B2-4818B2526F35"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5505_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"74DF1599-7739-47DD-AD89-B9C48D1ED2EC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*","matchCriteriaId":"8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5515-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"96EDFC77-6634-4427-98F8-ACDC704F670F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*","matchCriteriaId":"977D597B-F6DE-4438-AB02-06BE64D71EBE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5525-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"AD551733-BBAE-4FE3-8E20-877084CA5E5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*","matchCriteriaId":"EB71EB29-0115-4307-A9F7-262394FD9FB0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5545-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"1819434E-FE47-4544-8BCB-D1765760E1BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*","matchCriteriaId":"57179F60-E330-4FF0-9664-B1E4637FF210"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5555-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"FB65CEFA-1874-438A-B4F3-9DE96564D291"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*","matchCriteriaId":"5535C936-391B-4619-AA03-B35265FC15D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5580_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"4BED5416-48BE-48A4-9209-DD22BC247819"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*","matchCriteriaId":"D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_5585-x_firmware:009.016\\(001.025\\):*:*:*:*:*:*:*","matchCriteriaId":"C7A8E03D-F2C3-4766-B004-961B58C172E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*","matchCriteriaId":"16AE20C2-C77E-4E04-BF13-A48696E52426"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-g4cmrr7C","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-g4cmrr7C","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}