Cisco Analyzing Issue, Finds a Flaw

Thursday, September 22, 2016 @ 02:09 PM gHale


An IOS software vulnerability identified by Cisco while analyzing leaked firewall exploits affects hundreds of thousands of devices globally.

The flaw, tracked as CVE-2016-6415, is in the Internet Key Exchange version 1 (IKEv1) packet processing code of Cisco’s IOS, IOS XE and IOS XR software. A remote, unauthenticated attacker could exploit it to retrieve memory content that may contain sensitive information.


In order to determine how many devices suffer from the vulnerability, The Shadowserver Foundation conducted an Internet scan for the Internet Security Association and Key Management Protocol (ISAKMP), which is part of IKE.

http://blog.shadowserver.org/2016/09/20/isakmp-scanning-and-potential-vulnerabilities/

“We are querying all computers with routable IPv4 addresses that are not firewalled from the internet with a specifically crafted 64 byte ISAKMP packet and capturing the response,” the organization said.

As of the last scan, 853,233 unique IP addresses responded as vulnerable to Shadowserver’s probe. The highest percentage of affected devices was in the United States (259,249), followed by Russia (44,056), United Kingdom (43,005), Canada (42,028), Germany (35,984), Japan (33,715), Mexico (27,238), France (27,401), Australia (25,193), China (23,700) and Italy (19,902). Based on autonomous system numbers (ASNs), many of the IPs are on Comcast and AT&T’s network.
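As an added defensive illustration (not code from this article, Cisco or Shadowserver), the Python below decodes the fixed ISAKMP header of a UDP/500 datagram as laid out in RFC 2408, so an operator reviewing a capture of probes like the one described above can see which of their hosts answer, which IKEv1 exchange they answer with, and whether a datagram's header is internally consistent. The sample datagrams are constructed; the code does not model the Cisco bug itself, which the article does not detail.

```python
import struct

# Fixed ISAKMP header, RFC 2408 section 3.1: two 8-byte cookies, next payload,
# version (major/minor nibbles), exchange type, flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
HEADER_LEN = ISAKMP_HDR.size  # 28 bytes

EXCHANGE_TYPES = {0: "NONE", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
NEXT_PAYLOADS = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE",
                 5: "ID", 6: "CERT", 7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE",
                 11: "N", 12: "D", 13: "VID"}


def parse_isakmp(datagram: bytes) -> dict:
    """Decode one UDP/500 datagram's ISAKMP header and list consistency problems."""
    problems = []
    if len(datagram) < HEADER_LEN:
        return {"problems": ["datagram shorter than the 28-byte ISAKMP header"]}
    (icookie, rcookie, next_payload, version, exch_type,
     flags, msg_id, length) = ISAKMP_HDR.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F
    if major != 1:
        problems.append(f"major version {major} is not IKEv1")
    if length != len(datagram):
        problems.append(f"header length {length} != datagram length {len(datagram)}")
    if exch_type not in EXCHANGE_TYPES:
        problems.append(f"unknown exchange type {exch_type}")
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "is_reply": rcookie != bytes(8),   # a responder fills in its own cookie
        "next_payload": NEXT_PAYLOADS.get(next_payload, f"unknown({next_payload})"),
        "version": f"{major}.{minor}",
        "exchange_type": EXCHANGE_TYPES.get(exch_type, "unknown"),
        "encrypted": bool(flags & 0x01),
        "message_id": msg_id,
        "length": length,
        "problems": problems,
    }


# Constructed sample: a 64-byte Main Mode reply (responder cookie set, SA payload
# next, length field consistent). The body bytes are placeholders, not a real SA.
REPLY = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, 1, 0x10, 2, 0, 0, 64) + bytes(36)
# Constructed sample: same header, but the length field claims 200 bytes.
BAD_LENGTH = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, 1, 0x10, 2, 0, 0, 200) + bytes(36)

if __name__ == "__main__":
    for name, pkt in (("reply", REPLY), ("bad_length", BAD_LENGTH)):
        print(name, parse_isakmp(pkt))
```

Feeding it the UDP payloads of a capture on port 500 gives an inventory of responding hosts without sending any traffic.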

There is no evidence the products of vendors other than Cisco are affected by the vulnerability, but Shadowserver said it is not a conclusive test.

Cisco discovered the security hole while analyzing an exploit dubbed “BENIGNCERTAIN.”