ZERO DAY INITIATIVE - BLOG
CVE-2026-33824: Remote Code Execution in Windows IKEv2
HIGH IKEv2 IKEEXT double-free RCE
Strategic summary
IKEv2 RCE threatens VPN infrastructure and remote-access systems; critical for Windows Server 2022/2019 in DACH environments with distributed sites.
Relevance for you
A memory-safety flaw (double free) in the Windows IKEv2 service allows unauthenticated remote attackers to execute code by sending specially structured packets.
CVEs mentioned
Risk Score: 68
- cvss base: 98.00
- kev bonus: 0.00
- epss bonus: 0.00
- poc bonus: 15.00
- raw before weight: 113.00
- industry weight: 1.21
- freshness factor: 0.50
- days old: 38.00
- vendor mismatch penalty: 0.00
Path: operational
MITRE ATT&CK Mapping
3 TTPs
- Recon
- Resource Dev
- Initial Access: T1190 Exploit Public-Facing Application
- Execution: T1203 Exploitation for Client Execution
- Persistence
- Priv. Escal.
- Def. Evasion
- Cred. Access
- Discovery
- Lateral Mov.
- Collection
- C2
- Exfiltration
Procedure details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1190 Exploit Public-Facing Application | Initial Access | An unauthenticated remote attacker sends crafted IKEv2 packets to the Windows IKEEXT service to exploit the double free vulnerability (CVE-2026-33824) in fragment processing, potentially achieving arbitrary code execution on the target system. | high | llm |
| T1203 Exploitation for Client Execution | Execution | Exploitation of the double free vulnerability in IkeReinjectReassembledPacket via crafted IKEv2 fragment packets triggers a memory corruption condition that can result in arbitrary code execution within the IKEEXT service context. | high | llm |
| T1499.004 Application or System Exploitation | Impact | Sending malformed IKEv2 fragment packets to trigger the double free vulnerability can crash the IKEEXT service, resulting in a denial of service condition on the targeted Windows system. | medium | llm |