Wednesday, December 7, 2016

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2gCtv8d A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2gCtv8d
Security Impact Rating: Medium
CVE: CVE-2016-9203

from Cisco Security Advisory http://ift.tt/2gCtv8d
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)