Cisco discloses PIX firewall, IOS software security holes
20 September 2016
Cisco has warned of a high-priority security hole in its IOS software that could have let attackers snatch memory contents from a variety of products, potentially leading to the disclosure of confidential information.
Specifically, Cisco said the vulnerability is due to “insufficient condition checks in the part of the code that handles Internet Key Exchange (IKEv1) security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.”
Cisco said it would release software updates that address this vulnerability and that there are no workarounds.
IKEv1 is used in a variety of VPN applications including:
- LAN-to-LAN VPN
- Remote access VPN (excluding SSLVPN)
- Dynamic Multipoint VPN (DMVPN)
- Group Domain of Interpretation (GDOI)
Cisco said affected products include Cisco IOS XR Software versions 4.3.x through 5.2.x. Cisco IOS XR Software releases 5.3.x and newer are not affected by this vulnerability. Cisco also noted that PIX versions 6.x and prior are affected by this vulnerability. PIX versions 7.0 and later are confirmed to be unaffected, the company wrote.
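A version triage over device banners using the affected ranges stated above, as an added example that is not from Cisco or the original article. The banner formats, hostnames and sample inventory are constructed assumptions.

```python
import re

# Affected ranges as stated in the article above.
XR_FIRST_AFFECTED, XR_LAST_AFFECTED = (4, 3), (5, 2)  # IOS XR 4.3.x through 5.2.x
PIX_LAST_AFFECTED_MAJOR = 6                           # PIX 6.x and prior

# Assumed banner formats; adjust to what your inventory export actually contains.
BANNERS = {
    "ios-xr": re.compile(r"IOS XR Software.*?Version\s+(\d+)\.(\d+)", re.I),
    "pix": re.compile(r"PIX Firewall.*?Version\s+(\d+)\.(\d+)", re.I),
}

def classify(banner):
    """Return (platform, (major, minor), status) for one version banner."""
    for platform, pattern in BANNERS.items():
        m = pattern.search(banner)
        if not m:
            continue
        ver = (int(m.group(1)), int(m.group(2)))
        if platform == "pix":
            status = "affected" if ver[0] <= PIX_LAST_AFFECTED_MAJOR else "not-affected"
        elif ver > XR_LAST_AFFECTED:
            status = "not-affected"      # 5.3.x and newer
        elif ver >= XR_FIRST_AFFECTED:
            status = "affected"
        else:
            status = "not-stated"        # the article gives no verdict below 4.3
        return platform, ver, status
    return None, None, "unrecognized"    # platform not covered by the article's ranges

def triage(inventory):
    """Map 'host: banner' lines to {host: status}."""
    results = {}
    for line in inventory:
        host, _, banner = line.partition(":")
        results[host.strip()] = classify(banner)[2]
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "edge-rtr-01: Cisco IOS XR Software, Version 5.1.3",
    "core-rtr-02: Cisco IOS XR Software, Version 5.3.4",
    "lab-rtr-03: Cisco IOS XR Software, Version 4.2.1",
    "old-fw-01: Cisco PIX Firewall Version 6.3(5)",
    "dmz-fw-02: Cisco PIX Firewall Version 7.0(1)",
    "sw-09: Cisco IOS Software, Version 15.2(4)E",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Devices reported as `not-stated` or `unrecognized` fall outside the ranges quoted in the article and need to be checked against the vendor advisory directly.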
As background on the exploit, Cisco wrote, “On August 15, 2016, Cisco was alerted to information posted online by the Shadow Brokers group, which claimed to possess disclosures from the Equation Group. The posted materials included exploits for firewall products from multiple vendors. Articles included information regarding the BENIGNCERTAIN exploit potentially being used to exploit legacy Cisco PIX firewalls. Based on the Shadow Brokers disclosure, Cisco started an investigation on other products that could be impacted by a vulnerability similar to BENIGNCERTAIN.”
IDG News Service