Published on Thursday, 11 February 2016 17:00
[ Background ]
This vulnerability was discovered in the Cisco Adaptive Security Appliance (ASA) software. The Cisco ASA is an IP router which serves as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. On 10 February 2016, CISCO published a security advisory to address this software vulnerability (CVE-2016-1287).
(Screenshot of Cisco Security Advisory)
Credit: Cisco (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike)
[ Description of Vulnerability ]
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
[ Affected Products ]
Affected Cisco ASA Software running on the following products may be affected by this vulnerability:
[ Impact ]
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco ISA 3000 Industrial Security Appliance
The vulnerability is due to a buffer overflow in the affected code. An attacker could exploit this vulnerability by sending specially crafted UDP packets to the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
[ Solution / Workaround ]
There is no workaround. Cisco has released software updates that address this vulnerability, all network administrators are advised to immediately patch their affected products to mitigate the security risks.
[ References ]