04-18-2024 02:02 AM
Hi
When nessus scan, we got vulnerability info as below. Any solution can be used for this issue?
A remote device is affected by an information disclosure
"The IKE service running on the remote Cisco IOS device is affected by
an information disclosure vulnerability, known as BENIGNCERTAIN, in
the Internet Key Exchange version 1 (IKEv1) subsystem due to improper
handling of IKEv1 security negotiation requests. An unauthenticated,
remote attacker can exploit this issue, via a specially crafted IKEv1
packet, to disclose memory contents, resulting in the disclosure of
confidential information including credentials and configuration
settings.
BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2016/08/14 by a group known as the Shadow
Brokers."
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvb29204."
Current Version:15.0(1)M5 and device model:CISCO1905/K9
04-18-2024 06:37 AM
>...Any solution can be used for this issue?
- Upgrade to one of the Known Fixed Releases in the bug report ,
M.
04-19-2024 01:26 AM
Hi,
04-19-2024 01:41 AM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb29204
>...Look for Known Fixed Releases
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide