Cisco has released a security advisory for a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
Affected Cisco ASA Software running on the following products may be affected by this vulnerability:
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco ISA 3000 Industrial Security Appliance
|Cisco ASA Major Release||First Fixed Release|
|7.21||Affected; migrate to 9.1(6.11) or later|
|8.01||Affected; migrate to 9.1(6.11) or later|
|8.11||Affected; migrate to 9.1(6.11) or later|
|8.31||Affected; migrate to 9.1(6.11) or later|
|8.4||8.4(7.30) or later|
|8.61||Affected; migrate to 9.1(6.11) or later|
|8.7||8.7(1.18) or later|
|9.0||9.0(4.38) or later|
|9.1||9.1(6.11) or later|
|9.2||9.2(4.5) or later|
|9.3||9.3(3.7) or later|
|9.4||9.4(2.4) or later|
|9.5||9.5(2.2) or later|
1Cisco ASA Software releases 7.2, 8.0, 8.1, 8.2, 8.3, 8.5, and 8.6 have reached End of Software Maintenance. Customers should migrate to a supported release.
2Cisco ASA Software release 8.2 reached End of Software Maintenance on October 21, 2015. To protect our customers still using the End of Support train 8.2 software, the Cisco ASA product team has made available an off-cycle release to address this issue. As Cisco has no plans for additional off-cycle updates to train 8.2, we recommend customers work with their relevant support organization to migrate to supported software.
For More Information Visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike