Posted on February 13, 2016
This looks like it truly is a big deal, particularly for sites with site-to-site VPN links on their ASAs, though other configurations are suspect as well. The vulnerability write-up by the discoverers shows a scary-looking remote CLI exploit with a full command prompt.
Official Cisco note:
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (official Cisco Security Advisory)
Execute My Packet (extensive write-up on the low-level details of the vulnerability)
SANS Internet Storm Center post (monitor comments and post updates)
Cisco CVE-2016-1287 Network Vulnerability and our Mitigation Solution (possible temporary workaround for some situations)