Cisco IOS IKEv1 Information Disclosure Vulnerability (cisco-sa-20160916-ikev1)

漏洞类别:Cisco

漏洞等级:

漏洞信息

A vulnerability in IKEv1 packet processing code in Cisco IOS Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests.

漏洞危害

An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

解决方案

Refer to Cisco advisory cisco-sa-20160916-ikev1 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20160916-ikev1: Cisco IOS

0day

发表评论