
SANS Internet Storm Center, SANS ISC InfoSec Forums

Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability

An exploit has been made publicly available for CVE-2016-1287. A patch for the vulnerability, and quite a bit of detail about the vulnerability, was released in February [1]. We recommend you expedite patching this problem if you haven't already done so.


Johannes B. Ullrich, Ph.D.



3631 Posts
ISC Handler
This is rated CVSS 10. Pretty bad for a public-facing device that will most likely have VPN enabled.

5 Posts
Well, if you have not patched yet, you are 0wned.
We saw 2 boxes reboot within 24 hours of the Feb release of the info (half an hour apart), just an hour or so before the planned emergency patch. So at least probes were in the wild within hours.

All configuration was re-applied after the firmware upgrade, as we did not trust the existing config.
Povl H.

72 Posts
Best traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode most effective and in single or a couple of context mode. This vulnerability can be triggered via IPv4 and IPv6 traffic.
