1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cisco patches Equation group exploit in IOS, IOS XE and IOS XR devices

Discussion in 'Network World' started by RSS, Sep 19, 2016.

  1. RSS

    RSS New Member Member

    Cisco Systems has patched a vulnerability similar to one exploited by a cyberespionage group believed to be linked to the U.S. National Security Agency.

    The vulnerability affects networking devices running Cisco's IOS, IOS XE and IOS XR operating systems that process IKEv1 (Internet Key Exchange version 1) packets. When exploited, it allows remote unauthenticated attackers to extract contents from a device's memory, potentially leading to the exposure of sensitive and confidential information.

    IKE is a key exchange protocol used by several popular features including LAN-to-LAN VPN (Virtual Private Network), remote access VPN, Dynamic Multipoint VPN (DMVPN) and Group Domain of Interpretation (GDOI). It is likely to be enabled on many Cisco devices in enterprise environments.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page