
Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Discussion in 'Network World' started by RSS, Feb 11, 2016.

  1. RSS

    Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.

    For devices that are designed to protect private networks from Internet attacks, this is as bad as it gets. That's why Cisco rated the vulnerability with the maximum score of 10 in the Common Vulnerability Scoring System.

    The flaw is located in the Cisco ASA code that handles the Internet Key Exchange version 1 (IKEv1) and IKE version 2 (IKEv2) protocols. More precisely, it stems from a buffer overflow condition in the function that processes fragmented IKE payloads.
