IKE: ISAKMP Invalid Negotiation Traffic
This signature detects attempts to exploit a known vulnerability against ISAKMP IKE components. Attackers can send maliciously crafted packets to a router running a VPN node and cause a denial-of-service condition in the VPN.
Extended Description
Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic. Successful attacks will cause most affected devices to restart. For Cisco MDS Series devices, this is limited to causing the IKE process to restart.
Affected Products
Cisco pix_firewall,Cisco pix_firewall
References
BugTraq: 15401
CVE: CVE-2005-3669
URL: http://www.kb.cert.org/vuls/id/226364 http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
Short Name
IKE:DOS:ISAKMP-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
IKE
Keywords
CVE-2005-3669 ISAKMP Invalid Negotiation Traffic bid:15401
Release Date
12/12/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
CVSS Score
5.0