Cisco Bug: CSCus47259 - Cisco ASA XAUTH Bypass Vulnerability

Last Modified

Mar 07, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

Due to a vulnerability in the IKEv1 code, it is possible to bypass XAUTH authentication by sending crafted IKE messages.

This applies only to deployments configured with Remote VPN and IKEv1.
The knowledge of the PSK or a valid certificate is needed to perform the attack.

This vulnerability affects only the following trains:
- 7.x
- 8.0
- 8.1
- 8.2 prior to

This issue has been fixed as part of another bug: CSCtg28821
Bug details contain sensitive information and therefore require an account to be viewed.
