Vigil@nce - Cisco IOS, IOS XE: denial of service via IKE Main Mode
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send IKE Main Mode packets to Cisco IOS or IOS XE
in order to trigger a denial of service.
– Impacted products: Cisco Catalyst, IOS, IOS XE, Cisco Router xx00
Series
– Severity: 2/4
– Creation date: 04/04/2014
DESCRIPTION OF THE VULNERABILITY
The IKE protocol is used to exchange the keys needed to establish an
IPsec tunnel (Security Association).
However, an attacker can send IKE Main Mode packets that delete a
Security Association. Technical details are unknown.
An attacker can therefore send IKE Main Mode packets to Cisco IOS
or IOS XE in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-IOS-XE-denial-of-service-via-IKE-Main-Mode-14529