Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Wed, 23 Mar 2016 14:34:58 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange
Version 2 Fragmentation Denial of Service Vulnerability
Advisory ID: cisco-sa-20160323-ios-ikev2
Revision 1.0
For Public Release 2016 March 23 16:00 GMT
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation
code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote
attacker to cause a reload of the affected system.

The vulnerability is due to improper handling of crafted, fragmented IKEv2
packets. An attacker could exploit this vulnerability by sending crafted UDP
packets to the affected system. An exploit could allow the attacker to cause a
reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this
vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS
XE Software Security Advisory Bundled Publication, which includes six Cisco
Security Advisories that describe six vulnerabilities. All the vulnerabilities
have a Security Impact Rating of "High." For a complete list of advisories and
links to them, see Cisco Event Response:
http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----