Hello,
I am investigating a potential IKE vulnerability on my router, but I don't know whether I'm impacted or not. My router is a Cisco 2621XM running version 12.2(15)T13.
I am following the Cisco IOS Internet Key Exchange Vulnerability advisory at this link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ike#@ID
When I checked the Software section of the advisory, I saw that version 12.2T is vulnerable and that the first fixed release is 15.0M. So I followed the Vulnerable Products part of the advisory; please find the results below:
1) Determine if IKE ports are open on a running device (if the device has UDP port 500, UDP port 4500, UDP port 848, or UDP port 4848 open, it is processing IKE packets).
Router#sh ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 XX.XX.XX.XX 514 XX.XX.XX.XX 55668 0 0 20 0
17 XX.XX.XX.XX 162 XX.XX.XX.XX 54161 0 0 0 0
17 --listen-- XX.XX.XX.XX 123 0 0 1 0
17 XX.XX.XX.XX 45391 XX.XX.XX.XX 161 0 0 1 0
17 --listen-- XX.XX.XX.XX 162 0 0 11 0
17 --listen-- XX.XX.XX.XX 53909 0 0 11 0
17 XX.XX.XX.XX 49 XX.XX.XX.XX 49 0 0 21 66
So, UDP ports 500, 4500, 848 and 4848 seem not to be open.
2) Determine if IKE Features are included in the Device Configuration (this can be achieved by using the show run | include crypto map|tunnel protection ipsec|crypto gdoi)
Router#sh run | include crypto map|tunnel protection ipsec|crypto gdoi
crypto map FastEth0-1 130 ipsec-isakmp
crypto map FastEth0-1 135 ipsec-isakmp
crypto map FastEth0-1 136 ipsec-isakmp
crypto map FastEth0-1 140 ipsec-isakmp
crypto map FastEth0-1
Router#
So, IKE features are included in the configuration of my device.
I don't know what to conclude, because the IKE ports are not open but the IKE feature is included in the configuration of the router... Can someone say whether, in my case, we are affected by this vulnerability or not?
Thanks for your answer.
Best Regards,
Guillaume
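
The two checks described in this post, as an added example that is not part of the original post: a Python parser for the pasted `show ip sockets` and `show run | include` output that reports which IKE UDP ports are listening and which IKE configuration lines are present. The function names and the constructed contrast sample are assumptions; the column layout is taken from the output shown above.

```python
import re

IKE_UDP_PORTS = {500, 4500, 848, 4848}  # UDP ports listed in step 1 of the post
IKE_CONFIG_RE = re.compile(r"crypto map|tunnel protection ipsec|crypto gdoi")  # step 2 filter
PROMPT_RE = re.compile(r"^\S+[#>]")  # CLI prompt lines, e.g. the echoed command

def local_udp_ports(show_ip_sockets):
    """Return the set of local UDP ports in 'show ip sockets' output."""
    ports = set()
    for line in show_ip_sockets.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "17":  # 17 = UDP; drops header and prompt lines
            continue
        # '--listen--' rows have no remote-port column, so the local port
        # is field 3 there and field 4 on rows with a remote peer.
        idx = 3 if f[1] == "--listen--" else 4
        if f[idx].isdigit():
            ports.add(int(f[idx]))
    return ports

def ike_check(show_ip_sockets, show_run):
    """Run both checks; reports findings only, no affected/not-affected verdict."""
    open_ike = sorted(local_udp_ports(show_ip_sockets) & IKE_UDP_PORTS)
    cfg = [l.strip() for l in show_run.splitlines()
           if IKE_CONFIG_RE.search(l) and not PROMPT_RE.match(l)]
    return {"ike_ports_open": open_ike, "ike_config_lines": cfg}

# Output as pasted in the post (addresses already masked by the poster).
POST_SOCKETS = """Router#sh ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 XX.XX.XX.XX 514 XX.XX.XX.XX 55668 0 0 20 0
17 XX.XX.XX.XX 162 XX.XX.XX.XX 54161 0 0 0 0
17 --listen-- XX.XX.XX.XX 123 0 0 1 0
17 XX.XX.XX.XX 45391 XX.XX.XX.XX 161 0 0 1 0
17 --listen-- XX.XX.XX.XX 162 0 0 11 0
17 --listen-- XX.XX.XX.XX 53909 0 0 11 0
17 XX.XX.XX.XX 49 XX.XX.XX.XX 49 0 0 21 66"""
POST_RUN = """Router#sh run | include crypto map|tunnel protection ipsec|crypto gdoi
crypto map FastEth0-1 130 ipsec-isakmp
crypto map FastEth0-1 135 ipsec-isakmp
crypto map FastEth0-1 136 ipsec-isakmp
crypto map FastEth0-1 140 ipsec-isakmp
crypto map FastEth0-1
Router#"""
# Constructed contrast case (not from the post): a router listening on 500/4500.
CONSTRUCTED_SOCKETS = """17 --listen-- 192.0.2.1 500 0 0 11 0
17 --listen-- 192.0.2.1 4500 0 0 11 0"""

if __name__ == "__main__":
    print(ike_check(POST_SOCKETS, POST_RUN))
    print(ike_check(CONSTRUCTED_SOCKETS, POST_RUN))
```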