Cisco ASA / IOS IKE Fragmentation Vulnerability

critical Nessus Plugin ID 89033

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco Adaptive Security Appliance (ASA) or device running IOS / IOS XE is affected by one of the following vulnerabilities in the Internet Key Exchange (IKE) implementation :

- An overflow condition exists in both the IKE and IKEv2 implementations due to improper validation of user-supplied input when handling UDP packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-1287)

- A denial of service vulnerability exists in the IKEv2 implementation due to improper handling of fragmented IKEv2 packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause the device to reload. (CVE-2016-1344)

Solution

Upgrade to the relevant fixed version referenced in Cisco Security Advisories cisco-sa-20160210-asa-ike and cisco-sa-20160323-ios-ikev2.

See Also

http://www.nessus.org/u?eafc4e71

http://www.nessus.org/u?9feec3b3

https://www.tenable.com/security/research/tra-2016-06

Plugin Details

Severity: Critical

ID: 89033

File Name: cisco_ike_fragmentation_rce.nasl

Version: 1.13

Type: remote

Family: CISCO

Published: 2/29/2016

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1287

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:adaptive_security_appliance_software

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2016

Vulnerability Publication Date: 1/23/2016

Reference Information

CVE: CVE-2016-1287, CVE-2016-1344

BID: 83161