VYPR
Unrated severity · NVD Advisory · Published Oct 10, 2014 · Updated May 6, 2026

CVE-2014-3384

Description

Cisco ASA IKEv2 implementation in specific versions can be remotely crashed via a crafted packet during tunnel creation, causing a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The IKEv2 implementation in Cisco ASA Software versions 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) contains a vulnerability that allows remote attackers to cause a denial of service via a crafted packet sent during tunnel creation. This issue is identified as Bug ID CSCum96401 [1]. The vulnerability is present only when the system is configured to terminate IKEv2 VPN connections, including LAN-to-LAN IKEv2 and AnyConnect IKEv2 VPN connections [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted packet to a targeted Cisco ASA device during the IKEv2 tunnel creation process. No authentication is required, and the attacker needs only network access to the device's IKEv2 service [1]. The exploitation does not require user interaction or any special privileges, but the device must have IKEv2 VPN enabled [1].

Impact

Successful exploitation causes the affected Cisco ASA device to reload, resulting in a denial of service condition. This can disrupt VPN services and network connectivity until the device recovers [1].

Mitigation

Cisco has released fixed software versions: 8.4(7.15), 8.6(1.14), 9.0(4.8), and 9.1(5.1) [1]. Administrators should upgrade to the appropriate fixed version. As a workaround, if IKEv2 is not required, it can be disabled using the no crypto ikev2 enable command [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
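A triage check for the fixed versions and the IKEv2 precondition described above, as an added example that is not part of the advisory or of any Cisco tooling. It assumes a device banner may write an interim build as 9.1(5)1 where this page writes 9.1(5.1), and that a running-config line beginning with "crypto ikev2 enable" indicates IKEv2 termination; the function names and sample config are constructed for illustration.

```python
import re

# First fixed release per train, taken from the advisory text above.
FIXED = {(8, 4): (7, 15), (8, 6): (1, 14), (9, 0): (4, 8), (9, 1): (5, 1)}

# Accepts "9.1", "9.1(5)", "9.1(5.1)" (this page's notation) and
# "9.1(5)1" (assumed banner notation for the same interim build).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\)(\d+)?)?")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) as integers."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, dotted, suffix = m.groups()
    interim = dotted if dotted is not None else suffix
    return (int(major), int(minor), int(maint or 0), int(interim or 0))


def is_affected_release(version):
    """True if the release falls inside a range listed on this page."""
    major, minor, maint, interim = parse_asa_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return False  # train is outside the ranges this page lists
    # Numeric tuple comparison, so 8.4(7.3) sorts before 8.4(7.15).
    return (maint, interim) < fixed


def ikev2_enabled(running_config):
    """Assumption: an enable line means the device terminates IKEv2."""
    return any(line.strip().startswith("crypto ikev2 enable")
               for line in running_config.splitlines())


def needs_action(version, running_config):
    """Affected release and IKEv2 enabled: upgrade or disable IKEv2."""
    return is_affected_release(version) and ikev2_enabled(running_config)


# Constructed sample running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """hostname edge-asa
crypto ikev2 policy 10
crypto ikev2 enable outside
"""

if __name__ == "__main__":
    for v in ("8.4(7.3)", "8.4(7)15", "9.1(5)", "9.1(5.1)", "9.2(1)"):
        print(v, "needs action:", needs_action(v, SAMPLE_CONFIG))
```
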

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • cpe:2.3:a:cisco:asa:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:8.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:asa:9.1.5:*:*:*:*:*:*:*
  • Range: >=8.4 <8.4(7.15), >=8.6 <8.6(1.14), >=9.0 <9.0(4.8), >=9.1 <9.1(5.1)

References

1
