02-11-2016 06:41 AM - edited 03-20-2019 08:51 PM
For firewalls which do not have IKEv1 or v2 enabled/configured, could the remote code still be executed and either force the reboot or allow for remotely executing code?
02-11-2016 08:56 AM
Hi awysocki,
The documentation states you need either a Site-to-Site tunnel running IKEv1 or IKEv2, or a remote connection with IPsec technologies. If you don't have any of those technologies, the exploit can't be executed.
You can check if IPsec is enabled with the command:
ciscoasa# show running-config crypto map | include interface
crypto map outside_map interface outside
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Hope it helps
-Randy-
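The check from the reply above, applied offline to saved running-config text for several devices. This is an added example, not part of the original thread or Cisco's documentation. The device names and config samples are constructed, and the function name `audit_config` is hypothetical. It lists the `crypto map ... interface ...` lines the command would print and also flags crypto maps that have entries but are not applied to any interface.

```python
import re

# Binding line the check looks for, e.g. "crypto map outside_map interface outside"
BINDING = re.compile(r"^crypto map (\S+) interface (\S+)$")
# Sequence-numbered crypto map entry, e.g. "crypto map outside_map 1 set peer 192.0.2.10"
ENTRY = re.compile(r"^crypto map (\S+) \d+ ")


def audit_config(text):
    """Return (bindings, unbound) for one saved running-config.

    bindings: (map_name, interface) pairs, i.e. what the show command would print.
    unbound:  crypto maps that have entries but are not applied to any interface.
    """
    bindings, defined = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = BINDING.match(line)
        if m:
            bindings.append((m.group(1), m.group(2)))
        elif (m := ENTRY.match(line)):
            defined.add(m.group(1))
    bound = {name for name, _ in bindings}
    return bindings, sorted(defined - bound)


# Constructed sample configs (hypothetical device names, documentation addresses).
SAMPLES = {
    "fw-a": """\
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 192.0.2.10
crypto map outside_map interface outside
""",
    "fw-b": """\
crypto map lab_map 10 set peer 198.51.100.7
crypto dynamic-map DYN 65535 set pfs
""",
    "fw-c": "interface GigabitEthernet0/0\n nameif outside\n",
}

if __name__ == "__main__":
    for device, cfg in SAMPLES.items():
        bindings, unbound = audit_config(cfg)
        applied = ", ".join(f"{n} on {i}" for n, i in bindings) or "none"
        print(f"{device}: crypto map applied: {applied}; unapplied maps: {unbound or 'none'}")
```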
02-11-2016 09:54 AM
Thanks. I apparently skipped that section when reading through.