Cisco ASA / IOS IKE Fragmentation Vulnerability

Critical Nessus Plugin ID 89033

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco Adaptive Security Appliance (ASA) or device running IOS / IOS XE is affected by one of the following vulnerabilities in the Internet Key Exchange (IKE) implementation :

- An overflow condition exists in both the IKE and IKEv2 implementations due to improper validation of user-supplied input when handling UDP packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-1287)

- A denial of service vulnerability exists in the IKEv2 implementation due to improper handling of fragmented IKEv2 packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted UDP packets, to cause the device to reload. (CVE-2016-1344)

Solution

Upgrade to the relevant fixed version referenced in Cisco Security Advisories cisco-sa-20160210-asa-ike and cisco-sa-20160323-ios-ikev2.

See Also

http://www.nessus.org/u?eafc4e71

http://www.nessus.org/u?9feec3b3

https://www.tenable.com/security/research/tra-2016-06

Plugin Details

Severity: Critical

ID: 89033

File Name: cisco_ike_fragmentation_rce.nasl

Version: 1.13

Type: remote

Family: CISCO

Published: 2016/02/29

Updated: 2020/06/12

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2016-1287

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:adaptive_security_appliance_software

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/02/10

Vulnerability Publication Date: 2016/01/23

Reference Information

CVE: CVE-2016-1287, CVE-2016-1344

BID: 83161