Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
2
Replies

IOS software Internet Key Exchange v2 Fragmentation Denial of Service Vulnerability FIX?

Nik Warren
Level 1
Level 1

‎07-15-2016 05:33 AM - edited ‎03-10-2019 12:41 AM

I have been asked to patch the ASA for the Cisco Advisory ID: cisco-sa-20160323-ios-ikev2.

(A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an

unauthenticated, remote attacker to cause a reload of the affected system.)

I was trying to find out how to patch the ASA.  Is it a complete IOS upgrade or is there actually a patch for the fix

Our ASA is a 5550 software version 8.4(2) with Device Manager 6.4(5)206.

Any help will be most appreciated, so I can then acquire the correct file etc..

The advisory notice doesn't actually detail the process involved.

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎07-16-2016 12:47 AM

It is a complete new IOS version.

Note that the 5550 is a pretty old model now, so don't be surprised if new software has not been release for it to resolve the issue.

0 Helpful

Karsten Iwen
VIP
VIP

‎07-18-2016 08:49 AM

The vulnerability report states that the ASA is not vulnerable to this bug. But you should be more concerned about http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20160210-asa-ike.html. That one is most likely relevant to your ASA.

0 Helpful
Customers Also Viewed These Support Documents