Cisco Bug: CSCun31021 - IKEv1 unauthorized/not finished Phase 1 tears down different one
Nov 27, 2020
- Cisco 2600 Series Multiservice Platforms
Known Affected Releases
Symptom: A vulnerability in the IKE module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to affect already established Security Associations (SAs). The vulnerability is due to incorrect handling of rogue IKE Main Mode packets. An attacker could exploit this vulnerability by sending a crafted Main Mode packet to an affected device. An exploit could allow the attacker to cause valid, established IKE Security Associations on an affected device to be dropped.
Conditions: The device is configured to process IKE requests and already has a number of established security associations.