7.1 - cisco-sa-20160323-ios-ikev2

Executive Summary

Summary
Title	Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability

Informations
Name	cisco-sa-20160323-ios-ikev2	First vendor Publication	2016-03-23
Vendor	Cisco	Last vendor Modification	2016-03-23
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.1	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.

The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2

This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see Cisco Event Response: http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJW8DU6AAoJEK89gD3EAJB5tHcP/1IOH5dlfWMZD1qNngUnCWzg +ck1Cm1V54sMIDvfjFANdElPi8PI1nFnJ7Nmg6RIN33F5RiREIKy1CEgxAS4vIfB XkgiIGnLhZ+St3R6mgVIHhg+fMJnmBTvxoKwEp/YN1xjNFf4p0hm8B6+KCu8lb0r gDvzxzLo7KZAABedlm7lpqAOIRMPRxA3BApzqMtkIUD9nHLxxWUZWf1jsD0CzQga sFMA8HICaGA69Ldh4YIjC/wkOGrstQIdLNB6EES/klriXflD5p+WFb4zIBfy6CK8 WKbp1QOuqRvkGJRwvAXJ8HgS+gkA+jSxFH0i5tUHR2OvJYm9IsMhw2NJtnDLXv8e UECVlkwslVzac5pGOnpVaK36QYeH5ZAoJuS6Rf6u8kqI/u9mS6qxQzgmZqCWqpkD LAbExAmPg9mvLU225BCkhPs+8Uhbcm45DDt3IRLcCk80P6dFPXXJQ5HVKFIao7MC n10+crFbtAx5Pcs2pFARYD+n2QPuP6iYsh90/BAD1VLWhJFfRc7JbAeHPmai/7RH 78ZGClwqY4ApMejnfnpOiH4VOqApPp8erCdm43Kl7BgVaS9W3Ln9vpipZ1jnxkKq psyLfpDp5ffN/hkO7XkTEOmPK0frypBo2MvcpmAKUuJKhwlGnW5Fc/48s1YoIjRk JlU3J3x8YkKFgxVTKLVu =uD60 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Os	Cisco Ios Xe cpe:2.3:o:cisco:ios_xe:3.9s_3.9.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1as:::::::* cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0as:::::::* cpe:2.3:o:cisco:ios_xe:3.8s_3.8.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.8s_3.8.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.8s_3.8.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.8e_3.8.1e:::::::* cpe:2.3:o:cisco:ios_xe:3.8e_3.8.0e:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.7s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.6s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.5s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4as:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2ts:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.7s_3.7.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.7e_3.7.3e:::::::* cpe:2.3:o:cisco:ios_xe:3.7e_3.7.2e:::::::* cpe:2.3:o:cisco:ios_xe:3.7e_3.7.1e:::::::* cpe:2.3:o:cisco:ios_xe:3.7e_3.7.0e:::::::* cpe:2.3:o:cisco:ios_xe:3.6s_3.6.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.6s_3.6.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.6s_3.6.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.6e_3.6.3e:::::::* cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2e:::::::* cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2ae:::::::* cpe:2.3:o:cisco:ios_xe:3.6e_3.6.1e:::::::* cpe:2.3:o:cisco:ios_xe:3.6e_3.6.0e:::::::* cpe:2.3:o:cisco:ios_xe:3.5s_3.5.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.5s_3.5.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.5s_3.5.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.5e_3.5.3e:::::::* cpe:2.3:o:cisco:ios_xe:3.5e_3.5.2e:::::::* cpe:2.3:o:cisco:ios_xe:3.5e_3.5.1e:::::::* cpe:2.3:o:cisco:ios_xe:3.5e_3.5.0e:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.7sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.6sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.5sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.4sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.3sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.2sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.1sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.0sg:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.6s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.5s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.4s_3.4.0as:::::::* cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.2xo:::::::* cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.1xo:::::::* cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.0xo:::::::* cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.2sg:::::::* cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.1sg:::::::* cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.0sg:::::::* cpe:2.3:o:cisco:ios_xe:3.3s_3.3.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.3s_3.3.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.3s_3.3.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.17s_3.17.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1as:::::::* cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0cs:::::::* cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1cs:::::::* cpe:2.3:o:cisco:ios_xe:3.15s_3.15.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.14s_3.14.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.14s_3.14.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.14s_3.14.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2as:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0as:::::::* cpe:2.3:o:cisco:ios_xe:3.12s_3.12.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.12s_3.12.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.12s_3.12.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.12s_3.12.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.12s_3.12.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.3s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:::::::* cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:::::::*	102
Os	Lenovo Thinkcentre E75S Firmware cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:::::::: cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:-:::::::*	2
Os	Netgear Jr6150 Firmware cpe:2.3:o:netgear:jr6150_firmware::::::::	1
Os	Samsung X14J Firmware cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:::::::*	1
Os	Sun Opensolaris cpe:2.3:o:sun:opensolaris:snv_124::sparc:::::	1
Os	Zyxel gs1900-10Hp Firmware cpe:2.3:o:zyxel:gs1900-10hp_firmware::::::::	1
Os	Zzinc Keymouse Firmware cpe:2.3:o:zzinc:keymouse_firmware:3.08:::::windows::	1

Snort® IPS/IDS

Date	Description
2016-03-14	Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt RuleID : 37675 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2016-04-06	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160323-ikev2-ios.nasl - Type : ACT_GATHER_INFO
2016-04-06	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160323-ikev2-iosxe.nasl - Type : ACT_GATHER_INFO
2016-02-29	Name : The remote device is missing a vendor-supplied security patch. File : cisco_ike_fragmentation_rce.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-06-08 13:25:03	Multiple Updates
2016-04-07 13:26:05	Multiple Updates
2016-03-29 05:29:01	Multiple Updates
2016-03-23 21:21:37	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	109
Snort® Rule(s)	1
Nessus® Exploit(s)	3

	Related
5.9	CVE-2016-1344
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.1 - cisco-sa-20160323-ios-ikev2

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU