Synopsis
The remote device is missing a vendor-supplied security patch.
Description
The remote Cisco Adaptive Security Appliance (ASA) or device running IOS / IOS XE is affected by one of the following vulnerabilities in the Internet Key Exchange (IKE) implementation:
- An overflow condition exists in both the IKE and IKEv2 implementations due to improper validation of user-supplied input when handling UDP packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-1287)
- A denial of service vulnerability exists in the IKEv2 implementation due to improper handling of fragmented IKEv2 packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause the device to reload. (CVE-2016-1344)
Solution
Upgrade to the relevant fixed version referenced in Cisco Security Advisories cisco-sa-20160210-asa-ike and cisco-sa-20160323-ios-ikev2.