cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2375
Views
0
Helpful
4
Replies

Vulnerability is found in cisco router

Leftz
Level 4
Level 4

 

Hi 

When tenable scan, we got vulnerability info as below. Any solution can be used for this issue? Thank you 

A remote device is affected by an information disclosure

The IKE service running on the remote Cisco IOS device is affected by
an information disclosure vulnerability, known as BENIGNCERTAIN, in
the Internet Key Exchange version 1 (IKEv1) subsystem due to improper
handling of IKEv1 security negotiation requests. An unauthenticated,
remote attacker can exploit this issue, via a specially crafted IKEv1
packet, to disclose memory contents, resulting in the disclosure of
confidential information including credentials and configuration
settings.

BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2016/08/14 by a group known as the Shadow
Brokers.

1 Accepted Solution

Accepted Solutions

@Leftz are you even using IKEv1 on this router? If not remove your IKEv1 policies, including the default

 

Else...

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

 

View solution in original post

4 Replies 4

@Leftz are you even using IKEv1 on this router? If not remove your IKEv1 policies, including the default

 

Else...

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

 

Leo Laohoo
Hall of Fame
Hall of Fame

Upgrade the firmware of the router to a version which fixes this vulnerability.

Leftz
Level 4
Level 4

@Rob Ingram Which command can confirm it is using IKEv1 or v2?

@Leftz Use "show crypto ikev1 sa" or "show crypto ikev2 sa" that will confirm if you are using either IKE version. Your configuration would also indicate which version you are using.

Review Cisco Networking for a $25 gift card