Cisco Warns ASA Software is Vulnerable to IKE Bug
Organisations are being warned to patch their Cisco Adaptive Security Appliance (ASA) products immediately after it was found they are vulnerable to a remote code execution bug.
Cisco have released software updates to address this vulnerability and have instructed customers not to wait, but to follow the advisory available at this link.
The vulnerability has been identified in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA software. It means that an unauthenticated, remote attacker could cause a reload of the affected system or to remotely execute code.
The issue has arisen due a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending out crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
Only traffic that is directed to the affected system can be used to exploit this vulnerability. It affects systems configured in routed firewall mode only and in single or multiple context mode. It can be triggered by IPv4 and IPv6 traffic.
There is no workaround for the vulnerability so the patch released by Cisco needs to be used for affected software versions. Cisco has list the following as being affected: ASA 5500, ASA 5500-X, ASA Services Module for Catalyst 6500 switches and 7600 Series routers, the ASA 1000V Cloud Firewall, the Adaptive Security Virtual Appliance, the Firepower 9300 ASA module, and the ISA (industrial security appliance) 3000.
For further assistance or support, contact your SCC account manager, call 0121 281 8618 or e-mail [email protected].