[c-nsp] Cisco Security Advisory: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

Fri Sep 16 16:54:51 EDT 2016

Summary
=======
A vulnerability in IKEv1 packet processing code in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

-----BEGIN PGP SIGNATURE-----

iQIVAwUBV9xaxa89gD3EAJB5AQLT6BAA0Wu+va2D7PlcKnpHHrmYwCwdeHZr6S9h
+VTOhzWh7JC1jvGWUcz1mW3IOptKvN7Wb4GY+nI8YVgXS/cd4Bo8FSwOla5MFS0J
Y4LKo+kdEtrOuiXNiqMAdoExUXtCHYm08L8WbLS/ES5UEoTB5hO9EO8HA1wRQ/Yi
+/6pJGmseqgINIaX2eeqi7jjRB+47lbUoS/rlWAAuzskmK76MOOLmMYosNWqIvbV
Ja1f9/wr0rO9OCBuBbZsPfs9YH2sRF+q5uzxnt4bJMBN1smY/ow9dB59tV6caNff
xM2CQUhB6/0EyszMRvjANt06g49nOl8hixJOzDz+TaJ2xOR//K5M8dhqguQ8J42j
cK0s4ayey0ks/qOdxsK34q4Q7OuSmWrJJIAymypgJEVZ/VWK54kJIU+OOfMvNqvC
cOPUfE+kjr0SHqHMJ5aNJwU3W/owCTftj5QDRinuoe0EZ/iWE45d1JMZJAQpJsTU
5XDY/QrZiu9+Drj8RsgWeoiEtpO9Wep0cIAXoOFwXE9kUGuw6yngv1H1q2BF599N
kHa+5A8ULySwKWwFUa4/XGvMITAQXOLIdUFDGRfMozegFPOtDj82cepPt7yIxfPG
fGKwnvi5wPT/b9JoMRIbmahNHHIKJbe6Z+J4+i7eK3Fl6Syr9HtptZIBta3lCX8Q
UAD0xvStymY=
=s4x7
-----END PGP SIGNATURE-----