Key Information Summary Vulnerability Overview Vulnerability Type: Cisco IOS-XE Software Internet Key Exchange Version 1 (IKEv1) Denial of Service Vulnerability CVE ID: CVE-2020-3562 Severity: High CVSS Score: 7.7/10 Affected Products Affected Cisco products include: - 1000 Series Integrated Services Routers (ISRs) - 4000 Series ISRs - Catalyst 9300 Series Edge Platforms - Catalyst 8300 Series Edge Platforms - Catalyst 8500 Series Edge Platforms - Catalyst 9500L Series Edge Platforms Vulnerability Description Due to improper validation when processing IKEv1 Phase 2 parameters, a remote attacker can exploit this vulnerability by sending a crafted message to the IKEv1 VPN port of an affected device, causing the device to crash and reload. Solution Cisco has released software updates to address this vulnerability. Customers should obtain the security fix through regular software update channels. Workarounds No workarounds are available to mitigate this vulnerability. Fixed Software Cisco has released software updates that fix this vulnerability. Customers should upgrade software in accordance with Cisco software licensing terms. Additional Information This vulnerability was discovered during the resolution of a Cisco TAC support case. Cisco Product Security Incident Response Team (PSIRT) is not aware of any public disclosures or malicious exploitation of this vulnerability.