On February 10, 2016, Cisco and Exodus Intelligence released details of a serious buffer overflow vulnerability (CVE-2016-1287) in the IKE implementation of Cisco ASA software.
What is the issue?
Exploitation of the Cisco ASA IKEv1 and IKEv2 buffer overflow vulnerability by a remote, unauthenticated attacker could result in complete compromise (full control of the device) of Cisco ASA devices configured to terminate IKEv1 or IKEv2. IKEv1 and IKEv2 are the key-exchange protocols used to set up IPsec VPN tunnels, so any ASA acting as a VPN endpoint is in scope. Additionally, the vulnerability could be used to cause affected Cisco ASA devices to reload, which is a denial of service for every tunnel the device carries.
Should we be concerned?
Yes. No public exploit has been released, but Exodus Intelligence has published detailed vulnerability and exploitation details. This may enable attackers to recreate the exploit and compromise devices or cause them to reload.
Additionally, SANS has noted a large increase in scanning activity on port 500/udp, the port used by IKE. Note that IKE also runs over port 4500/udp when NAT traversal is in use, so monitoring should cover both ports.
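The scanning SANS observed can be spotted in your own traffic without any signature for the bug itself: a scanner opens fresh IKE negotiations with many different gateways, while a real VPN peer talks to one. The following is an added example, not code from the original page or from SANS, Cisco or Exodus: it parses the fixed ISAKMP/IKE header (RFC 2408 for IKEv1, RFC 7296 for IKEv2) from UDP payloads on 500 and 4500, counts only messages that open a new IKE SA (responder SPI still zero, Main Mode/Aggressive for IKEv1, IKE_SA_INIT with the Initiator flag for IKEv2), and reports sources that hit more than a threshold of distinct destinations. The sample records are constructed; the record format (src, dst, dport, payload) is an assumption, and you would feed it from a capture or flow export.

```python
import struct
from collections import defaultdict

# Fixed ISAKMP/IKE header (RFC 2408 for IKEv1, RFC 7296 for IKEv2), 28 bytes, big-endian:
# initiator SPI(8) | responder SPI(8) | next payload(1) | version(1) | exchange type(1)
# | flags(1) | message ID(4) | length(4)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
ZERO_SPI = bytes(8)
NAT_T_MARKER = bytes(4)          # UDP/4500 prefixes IKE with a 4-byte zero "non-ESP marker"

IKEV1_MAIN_MODE = 2              # Identity Protection exchange
IKEV1_AGGRESSIVE = 4
IKEV2_SA_INIT = 34
IKEV2_IKE_AUTH = 35
IKEV2_FLAG_INITIATOR = 0x08


def parse_ike_header(udp_payload, dport):
    """Return the parsed IKE header as a dict, or None if the datagram is not IKE."""
    data = udp_payload
    if dport == 4500:
        if not data.startswith(NAT_T_MARKER):
            return None          # UDP-encapsulated ESP (non-zero SPI), not IKE
        data = data[len(NAT_T_MARKER):]
    if len(data) < ISAKMP_HDR.size:
        return None
    ispi, rspi, _next, version, exch, flags, _msgid, length = ISAKMP_HDR.unpack_from(data)
    major = version >> 4
    if major not in (1, 2) or length < ISAKMP_HDR.size:
        return None
    return {"ispi": ispi, "rspi": rspi, "major": major, "exch": exch, "flags": flags}


def is_new_negotiation(hdr):
    """True for the first message of a fresh IKE SA: responder SPI still zero
    and an exchange type that opens a negotiation."""
    if hdr["rspi"] != ZERO_SPI:
        return False
    if hdr["major"] == 1:
        return hdr["exch"] in (IKEV1_MAIN_MODE, IKEV1_AGGRESSIVE)
    return hdr["exch"] == IKEV2_SA_INIT and bool(hdr["flags"] & IKEV2_FLAG_INITIATOR)


def find_ike_scanners(records, min_targets=3):
    """records: iterable of (src_ip, dst_ip, dst_port, udp_payload) (assumed format).
    Returns {src_ip: distinct_targets} for sources that opened IKE negotiations
    with at least min_targets distinct destinations."""
    targets = defaultdict(set)
    for src, dst, dport, payload in records:
        if dport not in (500, 4500):
            continue
        hdr = parse_ike_header(payload, dport)
        if hdr is not None and is_new_negotiation(hdr):
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def build_ike(major, exch, flags=0, ispi=b"\x11" * 8, rspi=ZERO_SPI, body=b""):
    """Build a minimal IKE datagram (header plus optional body) for the constructed sample."""
    return ISAKMP_HDR.pack(ispi, rspi, 0, major << 4, exch, flags, 0,
                           ISAKMP_HDR.size + len(body)) + body


# Constructed sample traffic (not real captures):
SAMPLE_RECORDS = (
    # one source opening IKEv1 Main Mode with five different hosts ...
    [("198.51.100.7", "192.0.2.%d" % i, 500,
      build_ike(1, IKEV1_MAIN_MODE, ispi=bytes([i]) * 8)) for i in range(1, 6)]
    # ... and an IKEv2 IKE_SA_INIT to a sixth host over NAT-T
    + [("198.51.100.7", "192.0.2.9", 4500,
        NAT_T_MARKER + build_ike(2, IKEV2_SA_INIT, flags=IKEV2_FLAG_INITIATOR))]
    # a legitimate peer: two SA_INIT retransmissions and an IKE_AUTH to one gateway
    + [("203.0.113.5", "192.0.2.1", 500,
        build_ike(2, IKEV2_SA_INIT, flags=IKEV2_FLAG_INITIATOR))] * 2
    + [("203.0.113.5", "192.0.2.1", 500,
        build_ike(2, IKEV2_IKE_AUTH, flags=IKEV2_FLAG_INITIATOR, rspi=b"\x22" * 8))]
    # UDP-encapsulated ESP on 4500 (non-zero first word), ignored
    + [("203.0.113.8", "192.0.2.1", 4500, b"\x00\x00\x01\x02" + bytes(28))]
)

if __name__ == "__main__":
    for src, n in find_ike_scanners(SAMPLE_RECORDS).items():
        print("%s opened IKE negotiations with %d distinct hosts" % (src, n))
```

The threshold is the only tunable: a VPN concentrator legitimately initiates to many peers, so apply this to sources outside your own address space, and remember that retransmissions to the same gateway are deliberately counted once.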
What types of systems are vulnerable?
Only Cisco ASA devices that are configured to terminate IKEv1 or IKEv2 VPN connections (for example, LAN-to-LAN or remote-access IPsec VPNs) are exposed; a device that does not terminate IKE is not reachable through this bug even if it runs an affected release. For the full list of affected products and fixed releases, refer to Cisco Security Advisory cisco-sa-20160210-asa-ike at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Cisco has released software updates that address this vulnerability. According to Cisco, no workarounds are available, so upgrading to a fixed release is the only remediation.
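Deciding which devices to patch first comes down to two questions per ASA: is it on a fixed release, and does it terminate IKE at all? The following is an added example, not code from the original page or from Cisco: it parses the version line from `show version` output, checks the running configuration for a crypto map applied to an interface (the check the Cisco advisory gives for IKE termination) and for `crypto ikev1 enable` / `crypto ikev2 enable` lines, and compares the running interim release against the first fixed interim for that train. The `FIXED_BY_TRAIN` table holds illustrative values only and is an assumption; take the real table from the advisory before relying on the result. The sample `show version` and configuration text is constructed.

```python
import re

# "Cisco Adaptive Security Appliance Software Version 9.2(4.5)":
# train = major.minor, interim release in parentheses
VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\(([\d.]+)\)")
# A crypto map applied to an interface is the advisory's indicator that the ASA terminates IKE
CRYPTO_MAP_IF_RE = re.compile(r"^crypto map \S+ interface (\S+)", re.M)
# Interfaces on which IKEv1/IKEv2 listeners are enabled
IKE_ENABLE_RE = re.compile(r"^crypto (ikev1|ikev2) enable (\S+)", re.M)

# First fixed interim per train. ILLUSTRATIVE VALUES (assumption): replace with the
# fixed-release table from cisco-sa-20160210-asa-ike before using this for real triage.
FIXED_BY_TRAIN = {
    (9, 1): (7,),
    (9, 2): (4, 5),
}


def parse_asa_version(show_version_text):
    """Return ((major, minor), interim_tuple) or None if no ASA version line is found."""
    m = VERSION_RE.search(show_version_text)
    if not m:
        return None
    train = (int(m.group(1)), int(m.group(2)))
    interim = tuple(int(x) for x in m.group(3).split("."))
    return train, interim


def ike_interfaces(running_config):
    """Interfaces on which the device terminates IKE, according to the running config."""
    ifaces = set(CRYPTO_MAP_IF_RE.findall(running_config))
    ifaces |= {iface for _proto, iface in IKE_ENABLE_RE.findall(running_config)}
    return sorted(ifaces)


def triage(show_version_text, running_config, fixed_by_train=FIXED_BY_TRAIN):
    parsed = parse_asa_version(show_version_text)
    if parsed is None:
        return {"status": "unparsed"}
    train, interim = parsed
    ifaces = ike_interfaces(running_config)
    fixed = fixed_by_train.get(train)
    if fixed is None:
        status = "unknown train"            # not in the table: check the advisory by hand
    elif interim >= fixed:                  # tuple compare: (4,) < (4, 5) < (5,)
        status = "patched"
    elif ifaces:
        status = "vulnerable"               # unpatched and exposing IKE: patch first
    else:
        status = "unpatched, IKE not terminated"
    return {"train": "%d.%d" % train, "interim": ".".join(map(str, interim)),
            "ike_interfaces": ifaces, "status": status}


# Constructed sample output (not from a real device):
SHOW_VERSION_A = ("Cisco Adaptive Security Appliance Software Version 9.1(5)\n"
                  "Device Manager Version 7.1(6)\n")
CONFIG_A = ("hostname asa-edge\n"
            "crypto map outside_map interface outside\n"
            "crypto ikev2 enable outside\n"
            "crypto ikev1 enable outside\n")

if __name__ == "__main__":
    print(triage(SHOW_VERSION_A, CONFIG_A))
```

A device reported as "unpatched, IKE not terminated" still needs the upgrade; it just does not go to the front of the queue. Run the check again after patching, since a failed upgrade leaves the old version line in place.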
You can find out more information on the vulnerabilities here:
- Exodus Intelligence technical report at https://blog.exodusintel.com/2016/02/10/firewall-hacking/
- SANS Internet Storm Center at https://isc.sans.edu/diary/Critical+Cisco+ASA+IKEv2v2+Vulnerability.+Active+Scanning+Detected/
What should we do?
- Contact your support vendor to discuss the vulnerabilities.
- Patch vulnerable Cisco ASA devices as soon as possible, starting with those that terminate VPN connections from the Internet.
- Follow Cisco guidance related to update requirements.
No one is immune to cyber-attacks
Be confident that threats to your network will be detected consistently and accurately with Tyler Detect. Our team of cybersecurity experts actively investigates to find threats and is always ready to offer you support and answer your questions.