
SANS ISC: Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected - Internet Security | DShield SANS ISC InfoSec Forums

Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected
Snort has had signature 36903 since December 1, 2015:

http://blog.snort.org/2016/02/coverage-for-cve-2016-1287-in-snort.html
https://twitter.com/talossecurity/status/697890899175436289
MD

11 Posts
ASA's using only DTLS/SSL for AnyConnect are not vulnerable. Just be sure you've disabled IKE.
Steven

12 Posts
What would be the cleanest way to disable unused/legacy IKE VPN connections? I agree that, as a temporary measure, disabling unused or less necessary IPsec functionality may be the only option. I am wondering about the cleanest way with quick rollback. Could just remove the crypto map from the interface and re-apply it when ready. Thoughts?

no crypto map outside_map interface outside
Steven
1 Posts
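A fuller version of the interim mitigation discussed above, added here as an example and not taken from the thread or from Cisco: it disables IKEv1 and IKEv2 on the interface, verifies the result, and keeps the rollback commands next to it. The interface name "outside" and crypto map name "outside_map" are assumptions carried over from Steven's post; the commands are for the 8.4+ train, where IKEv2 exists.

```cisco
! Added example (not from the thread). Assumes interface "outside" and
! crypto map "outside_map". On the 8.2 train IKEv2 is not present and
! the equivalent of the ikev1 line is "no crypto isakmp enable outside".

! 1. Save a known-good config first so rollback is a copy, not a rebuild
copy running-config flash:/pre-ike-mitigation.cfg

! 2. Stop the ASA accepting IKE negotiations on the Internet-facing interface
configure terminal
no crypto ikev1 enable outside
no crypto ikev2 enable outside
! Optionally also unbind the map, as suggested in the thread
no crypto map outside_map interface outside
end

! 3. Verify: no "crypto ikev1/ikev2 enable outside" lines remain and
!    no IKE security associations are still being negotiated
show running-config crypto
show crypto ikev1 sa
show crypto ikev2 sa

! 4. Rollback once the fixed image is installed: re-enable and re-bind
configure terminal
crypto ikev1 enable outside
crypto ikev2 enable outside
crypto map outside_map interface outside
end
write memory
```

AnyConnect sessions using only SSL/DTLS are unaffected by these lines; site-to-site and IPsec remote-access tunnels on that interface will drop until rollback.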
There seems to be 8.2(5)59 fixing this issue (I have not tested it yet):

http://www.cisco.com/web/software/280775065/45357/ASA-825-Interim-Release-Notes.html
Revision: Version 8.2.5(59) – 2/13/2016

Files: asa825-59-k8.bin, asa825-59-smp-k8.bin

Defects resolved since 8.2.5(58):

CSCux29978 ssl Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability

CSCux42019 ssl Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability
cgm00ff.net

2 Posts
My clients' systems are mostly unaffected - this is a "if you haven't updated in the past 6 months, it's time to get on it" issue...
Rob VandenBrink

497 Posts
ISC Handler
