Phone: 1-800-862-5965

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Cisco has recently released a Security Advisory regarding a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Affected Products

Affected Cisco ASA Software running on the following products may be affected by this vulnerability:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance

Cisco ASA Software is affected by this vulnerability if the system is configured to terminate IKEv1 or IKEv2 VPN connections. This includes the following:

  • LAN-to-LAN IPsec VPN
  • Remote access VPN using the IPsec VPN client
  • Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections
  • IKEv2 AnyConnect

CyberLynk Network Engineers have started contacting managed & un-managed Cisco ASA customers within CyberLynk’s Milwaukee, Wisconsin (MKE1) and Phoenix, Arizona (PHX1) Datacenters. CyberLynk is also contacting colocation and fiber Internet customers that are known to use Cisco ASA hardware.

If you require further information, please feel free to email support@cyberlynk.net.