
U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability

April 2, 2012 - 7:00am


PROBLEM:

A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).

PLATFORM:

Cisco IOS XE 2.1.x
Cisco IOS XE 2.2.x
Cisco IOS XE 2.3.x
Cisco IOS XE 2.4.x
Cisco IOS XE 2.5.x
Cisco IOS XE 2.6.x
Cisco IOS XE 3.1.x
Cisco IOS XE 3.3.x

ABSTRACT:

The IKEv1 feature of Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device.

REFERENCE LINKS:

Vendor Advisory
Secunia Advisory SA48607
CVE-2012-0381

IMPACT ASSESSMENT:

High

DISCUSSION:

The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication.

The IKE protocol is used in the Internet Protocol Security (IPsec) protocol suite to negotiate cryptographic attributes that will be used to encrypt or authenticate the communication session. These attributes include cryptographic algorithm, mode, and shared keys. The end result of IKE is a shared session secret that will be used to derive cryptographic keys.

Cisco IOS Software supports IKE for IPv4 and IPv6 communications. IKE communication can use any of the following UDP ports:
UDP port 500
UDP port 4500, NAT Traversal (NAT-T)
UDP port 848, Group Domain of Interpretation (GDOI)
UDP port 4848, GDOI NAT-T

The IKEv1 feature of Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device.
An attacker could exploit this vulnerability using either IPv4 or IPv6 on any of the listed UDP ports. Spoofing of packets that could exploit this vulnerability is limited because the attacker needs to either receive or have access to the initial response from the vulnerable device. This vulnerability is documented in Cisco bug ID CSCts38429 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0381.
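
An inventory triage built from the platform list and UDP ports in this bulletin, as an added example that is not part of the original bulletin or the vendor advisory. The host names, CSV layout and sample rows are constructed; a match on release train does not show whether a fixed release is already installed.

```python
import csv
import io
import re

# Affected IOS XE release trains, as listed under PLATFORM in this bulletin.
AFFECTED_TRAINS = {(2, 1), (2, 2), (2, 3), (2, 4), (2, 5), (2, 6), (3, 1), (3, 3)}
# UDP ports on which IKE can be reached, as listed in the discussion.
IKE_UDP_PORTS = {500: "IKE", 4500: "NAT-T", 848: "GDOI", 4848: "GDOI NAT-T"}

# Constructed sample inventory (hypothetical hosts and CSV layout).
SAMPLE_INVENTORY = """\
host,ios_xe_version,udp_listen
edge-rtr-1,03.03.01.S,"500,4500,161"
edge-rtr-2,3.2.1S,"500,4500"
gm-rtr-1,2.6.2,"848,4848"
core-rtr-1,3.1.4S,"161,123"
lab-rtr-1,unknown,"500"
"""

def parse_train(version):
    """Return (major, minor) from '3.1.4S' or '03.03.01.S'; None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Map host -> (status, IKE ports listening) for each inventory row."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        train = parse_train(row["ios_xe_version"])
        ports = {int(p) for p in row["udp_listen"].split(",") if p.strip().isdigit()}
        ike = sorted(ports & set(IKE_UDP_PORTS))
        if train is None:
            status = "unknown-version"   # cannot rule out; check by hand
        elif train not in AFFECTED_TRAINS:
            status = "not-listed"        # train is not in the PLATFORM list
        elif ike:
            status = "exposed"           # listed train with IKE reachable: patch first
        else:
            status = "affected-train"    # listed train, no IKE port listening
        results[row["host"]] = (status, ike)
    return results

if __name__ == "__main__":
    for host, (status, ike) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:16} {[IKE_UDP_PORTS[p] for p in ike]}")
```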

IMPACT:

Successful exploitation of the vulnerability may cause the vulnerable device to reload.

SOLUTION:

Cisco has released free software updates that address this vulnerability. See Cisco Support.

 
