APP: Cisco IKEv1 Information Disclosure

An information disclosure vulnerability has been reported in Cisco IOS IKEv1.Successful exploitation results in disclosure of sensitive memory contents.

Extended Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Affected Products

Cisco ios_xr

References

CVE: CVE-2016-6415

Short Name
APP:CISCO:IKEV1-ID
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2016-6415 Cisco Disclosure IKEv1 Information
Release Date
11/17/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3341
Port
UDP/500,848,4500,4848
False Positive
Unknown
Vendors

Cisco

CVSS Score

5.0

Found a potential security threat?