Sage Advice - Cybersecurity Blog

Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability Advisory

On February 10, 2016, details of a serious buffer overflow vulnerability were released by Cisco and Exodus Intelligence affecting the Cisco ASA software.

What is the issue?

Exploitation of the Cisco ASA IKEv1 and IKEv2 buffer overflow vulnerability by a remote, unauthenticated attacker could result in complete compromise of Cisco ASA devices configured to terminate the IKEv1 and IKEv2 protocols. The IKEv1 and IKEv2 protocols are used in VPN tunnels. Additionally, the vulnerability could be used to cause affected Cisco ASA devices to reload.

Should we be concerned?

Yes. While public exploits have not been released, Exodus Intelligence has published detailed information on the vulnerability and its exploitation. This may enable attackers to recreate the exploit and compromise devices or cause devices to reload.

Additionally, a large increase in activity for port 500/udp, a port used by IKE, has been noted by SANS.

What types of systems are vulnerable?

For specific details, refer to Cisco Security Advisory cisco-sa-20160210-asa-ike at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Cisco has released software updates that address this vulnerability. According to Cisco, no workarounds to mitigate the vulnerability are available.
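The advisory above applies to ASA devices configured to terminate IKEv1 or IKEv2. The following Python script is an added example, not code from Cisco or from this advisory, that triages saved running-config text for interfaces that appear to terminate IKE so they can be prioritized for patching. It assumes that a crypto map bound to an interface, or an IKE `enable` line for an interface, marks that interface as terminating IKE; the sample config and the function names are constructed for illustration, and the Cisco advisory remains the authority on affected configurations.

```python
import re

# Constructed excerpt of an ASA running-config (sample data, not a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
crypto ipsec ikev1 transform-set ESP-AES esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_ACL
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP interface outside
crypto ikev1 enable outside
crypto ikev2 enable outside
crypto ikev1 policy 10
"""

# "crypto map <name> interface <nameif>" binds a crypto map to an interface.
CRYPTO_MAP_IF = re.compile(r"^crypto map (\S+) interface (\S+)\s*$")
# "crypto ikev1|ikev2 enable <nameif>"; "isakmp" is the older spelling.
IKE_ENABLE = re.compile(r"^crypto (ikev1|ikev2|isakmp) enable (\S+)")


def ike_exposure(config_text):
    """Map each interface name to the crypto maps bound to it and the IKE
    versions enabled on it. Interfaces with neither are omitted."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = CRYPTO_MAP_IF.match(line)
        if m:
            entry = found.setdefault(m.group(2), {"crypto_maps": [], "ike": []})
            entry["crypto_maps"].append(m.group(1))
            continue
        m = IKE_ENABLE.match(line)
        if m:
            entry = found.setdefault(m.group(2), {"crypto_maps": [], "ike": []})
            entry["ike"].append(m.group(1))
    return found


def interfaces_to_review(config_text):
    """Sorted interface names that appear to terminate IKE (assumed heuristic)."""
    return sorted(ike_exposure(config_text))


if __name__ == "__main__":
    for name, info in ike_exposure(SAMPLE_CONFIG).items():
        print(f"{name}: crypto maps={info['crypto_maps']} ike={info['ike']}")
```

An empty result means no matching lines were found in the text supplied; it does not by itself establish that a device is unaffected.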

You can find out more information on the vulnerabilities here:

  1. Exodus Intelligence technical report at https://blog.exodusintel.com/2016/02/10/firewall-hacking/
  2. SANS Internet Storm Center at https://isc.sans.edu/diary/Critical+Cisco+ASA+IKEv2v2+Vulnerability.+Active+Scanning+Detected/

Recommended Actions

  1. Contact your support vendor to discuss the vulnerabilities.
  2. Patch vulnerable Cisco ASA devices as soon as possible.
  3. Follow Cisco guidance related to update requirements.


Topics: Threat Advisories
