Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)

Medium Nessus Plugin ID 96802

Synopsis

A remote device is affected by an information disclosure vulnerability.

Description

The IKE service running on the remote Cisco IOS device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem. The flaw is due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, exposing confidential information including credentials and configuration settings.

BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvb29204.

See Also

http://www.nessus.org/u?b7f2c76c

http://www.nessus.org/u?4c7e0cf3

https://blogs.cisco.com/security/shadow-brokers

Plugin Details

Severity: Medium

ID: 96802

File Name: cisco_ikev1_info_disclosure.nasl

Version: 1.4

Type: remote

Family: CISCO

Published: 2017/01/26

Updated: 2018/07/06

Dependencies: 62695

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: udp/ikev1

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2016/09/16

Vulnerability Publication Date: 2016/08/14

Reference Information

CVE: CVE-2016-6415

BID: 93003

CISCO-BUG-ID: CSCvb29204

CISCO-SA: cisco-sa-20160916-ikev1