Multiple Cisco Products affected by IKEv1 Vulnerability

Multiple Cisco Products affected by IKEv1 Vulnerability
Cisco released a an advisory (CVE-2016-6415) regarding a vulnerability in IKEv1 that affect Cisco IOS, IOS XE and IOS XR software which could allow an unauthenticated malicious user to retrieve memory content leading to disclosure of confidential information Note: "Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability."[1] The list of affected products is available here. This vulnerability is rated High by Cisco. [1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1 ----------- Guy Bruneau IPSS Inc. Twitter: GuyBruneau gbruneau at isc dot sans dot edu	Guy 522 Posts ISC Handler Sep 17th 2016
Thread locked Subscribe	Sep 17th 2016 5 years ago
Didn't this happen last month?	Anonymous
Quote	Sep 17th 2016 5 years ago
Last month? The critical one from Feb? (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike) This one is a tad less severe and probably harder to exploit.	JDoe 5 Posts
Quote	Sep 18th 2016 5 years ago
Quoting Anonymous:Didn't this happen last month? Similar one against PIX last month. Article says they followed up, looking at IOS, and found similar issues, hence this announcement.	Jaybone 27 Posts
Quote	Sep 19th 2016 5 years ago
I'm still not clear on why they say there's no work-around, but then they also say that it only affects devices running IKE v1, not v2. How about disabling IKE v1 or just disabling VPN functionality altogether? That may be difficult in some organizations that depend on it, but then again is your VPN is no longer secure or private...	packetdude 22 Posts
Quote	Sep 19th 2016 5 years ago
Quoting packetdude:I'm still not clear on why they say there's no work-around, but then they also say that it only affects devices running IKE v1, not v2. How about disabling IKE v1 or just disabling VPN functionality altogether? That may be difficult in some organizations that depend on it, but then again is your VPN is no longer secure or private... Checked with PSIRT, and their definition of "workaround" does not include disabling the affected feature. It's the difference between a workaround and a mitigation. (After all, if loss of functionality is acceptable, then "unplug the router" is a dandy and nearly universal workaround...) Please note that, while Cisco is my "day job", I am speaking purely for myself here.	InfosecJanitor 4 Posts
Quote	Sep 20th 2016 5 years ago
Doesn't an ACL restrict to the peer IP works like a workaround?	InfosecJanitor 1 Posts
Quote	Sep 21st 2016 5 years ago