| VID |
29130 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco IOS, according to its version number, has a denial of service vulnerability (CISCO bug ID CSCed94829) in the IKE packet processing. IPSec is a protocol commonly used in Virtual Private Networks (VPNs). The Internet Key Exchange (IKE) protocol is used to negotiate keying material for IPSec Security Associations (SAs) and provides authentication of peers. Cisco IOS versions 12.2SX, 12.3T, 12.4, 12.4T and possibly other Cisco Devices are vulnerable a denial of service vulnerability, caused by an error in the IKE version 1 implementation. By sending a specially-crafted IKE message to the affected device, a remote attacker could cause the device to reload.
* Note: This check solely relied on the version number of the remote system to assess these vulnerabilities, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor. And also, if IKE is disabled, please ignore this alert.
* References:
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
http://www.kb.cert.org/vuls/id/226364
http://securitytracker.com/alerts/2005/Nov/1015198.html
http://securitytracker.com/alerts/2005/Nov/1015199.html
http://securitytracker.com/alerts/2005/Nov/1015200.html
http://securitytracker.com/alerts/2005/Nov/1015201.html
http://securitytracker.com/alerts/2005/Nov/1015202.html
http://www.securiteam.com/securitynews/6M00C1FEKU.html
* Platforms Affected:
Cisco IOS versions 12.2SX, 12.3T, 12.4, 12.4T and possibly other Cisco devices |
| Recommendation |
Upgrade to the fixed Cisco IOS version, as listed in "Software Versions and Fixes" of Cisco Security Advisory (Multiple Vulnerabilities Found by PROTOS IPSec Test Suite) at http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com |
| Related URL |
CVE-2005-3669 (CVE) |
| Related URL |
15401 (SecurityFocus) |
| Related URL |
23033 (ISS) |
|
