Multiple Cisco Products affected by IKEv1 Vulnerability

Published: 2016-09-17
Last Updated: 2016-09-17 20:43:31 UTC
by Guy Bruneau (Version: 1)
6 comment(s)

Cisco released a an advisory (CVE-2016-6415) regarding a vulnerability in IKEv1 that affect Cisco IOS, IOS XE and IOS XR software which could allow an unauthenticated malicious user to retrieve memory content leading to disclosure of confidential information

Note: "Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability."[1] The list of affected products is available here. This vulnerability is rated High by Cisco.

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: IKEv1 IOS IOS XE IOS XR
6 comment(s)
Diary Archives