[prev in list] [next in list] [prev in thread] [next in thread]
List: cisco-nsp
Subject: [c-nsp] Cisco Security Advisory: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Produc
From: Cisco Systems Product Security Incident Response Team <psirt () cisco ! com>
Date: 2016-09-16 20:54:51
Message-ID: 201609161654.9.ikev1 () psirt ! cisco ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IKEv1 Information Disclosure Vulnerability in Multiple Cisco \
Products
Advisory ID: cisco-sa-20160916-ikev1
Revision 1.0
For Public Release 2016 September 16 16:00 GMT
Summary
=======
A vulnerability in IKEv1 packet processing code in Cisco IOS, Cisco IOS XE and Cisco \
IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory \
contents, which could lead to the disclosure of confidential information.
The vulnerability is due to insufficient condition checks in the part of the code \
that handles IKEv1 security negotiation requests. An attacker could exploit this \
vulnerability by sending a crafted IKEv1 packet to an affected device configured to \
accept IKEv1 security negotiation requests. A successful exploit could allow the \
attacker to retrieve memory contents, which could lead to the disclosure of \
confidential information.
Cisco will release software updates that address this vulnerability. There are no \
workarounds that address this vulnerability.
This advisory is available at the following link: \
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
-----BEGIN PGP SIGNATURE-----
iQIVAwUBV9xaxa89gD3EAJB5AQLT6BAA0Wu+va2D7PlcKnpHHrmYwCwdeHZr6S9h
+VTOhzWh7JC1jvGWUcz1mW3IOptKvN7Wb4GY+nI8YVgXS/cd4Bo8FSwOla5MFS0J
Y4LKo+kdEtrOuiXNiqMAdoExUXtCHYm08L8WbLS/ES5UEoTB5hO9EO8HA1wRQ/Yi
+/6pJGmseqgINIaX2eeqi7jjRB+47lbUoS/rlWAAuzskmK76MOOLmMYosNWqIvbV
Ja1f9/wr0rO9OCBuBbZsPfs9YH2sRF+q5uzxnt4bJMBN1smY/ow9dB59tV6caNff
xM2CQUhB6/0EyszMRvjANt06g49nOl8hixJOzDz+TaJ2xOR//K5M8dhqguQ8J42j
cK0s4ayey0ks/qOdxsK34q4Q7OuSmWrJJIAymypgJEVZ/VWK54kJIU+OOfMvNqvC
cOPUfE+kjr0SHqHMJ5aNJwU3W/owCTftj5QDRinuoe0EZ/iWE45d1JMZJAQpJsTU
5XDY/QrZiu9+Drj8RsgWeoiEtpO9Wep0cIAXoOFwXE9kUGuw6yngv1H1q2BF599N
kHa+5A8ULySwKWwFUa4/XGvMITAQXOLIdUFDGRfMozegFPOtDj82cepPt7yIxfPG
fGKwnvi5wPT/b9JoMRIbmahNHHIKJbe6Z+J4+i7eK3Fl6Syr9HtptZIBta3lCX8Q
UAD0xvStymY=
=s4x7
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic