Cisco discloses PIX firewall, IOS software security holes

Cisco: IKEv1 exploit could make VPNs vulnerable

cisco-discloses-pix-firewall-ios-software-security-holes

Cisco has warned of a high priority security hole in its IOS software that could have let attackers snatch memory contents from a variety of products that could lead to the disclosure of confidential information.

+More on Network World: Cisco buys into containers with Container X acquisition+

Specifically Cisco said the vulnerability is due to “insufficient condition checks in the part of the code that handles [Internet Key Exchange] IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.”

Cisco said it would release software updates that address this vulnerability and that there are no workarounds that address this vulnerability.

IKEv1 is used in a variety of VPN applications including:

  • LAN-to-LAN VPN
  • Remote access VPN (excluding SSLVPN)
  • Dynamic Multipoint VPN (DMVPN)
  • Group Domain of Interpretation (GDOI)

Cisco said affected products include Cisco IOS XR Software versions 4.3.x through 5.2.x. Cisco IOS XR Software releases 5.3.x and newer are not affected by this vulnerability. Cisco also noted that PIX versions 6.x and prior are affected by this vulnerability. PIX versions 7.0 and later are confirmed to be unaffected by this vulnerability the company wrote.

As background on the exploit, Cisco wrote: :On August 15, 2016, Cisco was alerted to information posted online by the Shadow Brokers group, which claimed to possess disclosures from the Equation Group. The posted materials included exploits for firewall products from multiple vendors. Articles included information regarding the BENIGNCERTAIN exploit potentially being used to exploit legacy Cisco PIX firewalls. Based on the Shadow Brokers disclosure, Cisco started an investigation on other products that could be impacted by a vulnerability similar to BENINGCERTAIN.”

 Check out these other hot stories:

 Small, low flying drones the target of newfangled DARPA defense system

Federal CISO’s define greatest challenges to authority

Brocade’s big new router is all about network size, automation

Extreme swallows Zebra’s WLAN biz for $55 million

Cisco exec churn: Enterprise chief Soderbery out

Open source algorithm helps spot social media shams

“Guccifer” gets 52 months in prison for hacking crimes

Researchers sport system to pull rare earth materials from used hard drives

1,650lb 3D printed aircraft tool sets Guinness World Record

Cisco buys into containers with Container X acquisition

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.