Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability

Published: 2016-05-17
Last Updated: 2016-05-17 15:20:44 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

An exploit has been made publicly available for CVE-2016-1287. A patch for the vulnerability, and quite a bit of detail about the vulnerability, was released in February [1]. We recommend you expedite patching this problem if you haven't already done so.

[1] https://blog.exodusintel.com/2016/02/10/firewall-hacking/

Johannes B. Ullrich, Ph.D.

3 comment(s)


This is rated CVSS 10. Pretty bad for a public facing device that will most likely have VPN enabled.
Well, if you have not patched yet, you are 0wned.
We saw 2 boxes reboot within 24 hours of the Feb release of the info (half an hour apart), just an hour or so before the planned emergency patch. So at least probes were in-the-wild within hours.

All configuration was re-applied after the firmware upgrade, as we did not trust the existing config.
best traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode most effective and in single or a couple of context mode. This vulnerability can be triggered via IPv4 and IPv6 traffic.

Diary Archives