1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BENIGNCERTAIN-like flaw affects various Cisco networking devices

Discussion in 'Help Net Security' started by RSS, Sep 19, 2016.

  1. RSS

    RSS New Member Member

    The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one. CVE-2016-6415 arises from insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. “The IKE protocol is used in the Internet Protocol Security (IPsec) protocol suite to negotiate cryptographic attributes that … More →

    Continue reading...

Share This Page