Reference: CERT-EU Security Advisory 2016-113

Short Summary
--------------
A vulnerability in the Internet Key Exchange (IKE) version 1 and version 2 code of Cisco ASA software can be exploited to cause a denial of service (DoS) or even remote code execution [1]. A system is vulnerable when it is configured to terminate IKE VPN connections. By triggering a heap overflow, an attacker can execute arbitrary code on the device. The flaw is in the bounds-checking algorithm. A guide on how to exploit a vulnerable device has been published [2].

CVE reference: CVE-2016-1287
Affected platforms: Cisco ASA, ASAv
Version: 5500, 5500-X, Catalyst 6500 and 7600, 1000V, Firepower 9300, ISA 3000
Date found: 2016-02-10
Security risk: High
Vendor Status: Notified / Patch available

Systems affected
-----------------
Versions 5500, 5500-X, Catalyst 6500 and 7600, 1000V, Firepower 9300, ISA 3000

Impact
-------
Successful exploitation of a vulnerable device allows the attacker to reload the device or to execute a payload, leading to a remote connection to the device.

Solutions
----------
There are no workarounds. The vendor has released software updates that address the problem.

Additional References
-----------------------
[1] Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
[2] Exodus Blog: https://blog.exodusintel.com/2016/01/26/firewall-hacking/

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383