Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Multiple Cisco Products affected by IKEv1 Vulnerability

Published: 2016-09-17
Last Updated: 2016-09-17 20:43:31 UTC
by Guy Bruneau (Version: 1)
6 comment(s)

Cisco released a an advisory (CVE-2016-6415) regarding a vulnerability in IKEv1 that affect Cisco IOS, IOS XE and IOS XR software which could allow an unauthenticated malicious user to retrieve memory content leading to disclosure of confidential information

Note: "Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability."[1] The list of affected products is available here. This vulnerability is rated High by Cisco.

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: IKEv1 IOS IOS XE IOS XR
6 comment(s)
Diary Archives