Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contains a buffer overflow vulnerability that may be leveraged to gain remote code execution.
CWE-119: Improper Restriction of Operations within the Bound of a Memory Buffer - CVE-2016-1287
According to the advisory by Exodus Intelligence:
By sending specially crafted UDP packets directly to affected devices, a remote, unauthenticated attacker may be able to execute arbitrary code and gain full control of affected systems.
Apply an update
Detect and filter malicious packets
Cisco credits David Barksdale, Jordan Gruskovnjak, and Alex Wheeler of Exodus Intelligence for reporting this vulnerability.
This document was written by Joel Land.
|Date First Published:||2016-02-11|
|Date Last Updated:||2016-02-16 18:35 UTC|