Cisco Bug: CSCvi05126 - ISAKMP Notification messages carry unnecessary data

Last Modified

May 28, 2019

Products (161)

  • Cisco IOS
  • Cisco Catalyst 3850-12S-E Switch
  • Cisco Catalyst 3850-48XS-E Switch
  • Cisco Catalyst C9500-48Y4C-A Switch
  • Cisco Catalyst 3650-8X24UQ-E Switch
  • Cisco Catalyst 9300-48U-A Switch
  • Cisco 4221 Integrated Services Router
  • Cisco Catalyst 3650-24TD-S Switch
  • Cisco Catalyst 3850-48P-E Switch
  • Cisco Catalyst 3850-16XS-S Switch

Known Affected Releases

Fuji-16.9.1

Description (partial)

Symptom:
An ISAKMP Notification message may carry an additional 12 bytes of data after the NOTIFICATION payload as part of the NOTIFICATION DATA.

Those 12 bytes are not required for normal operation. The data is part of the IP header for the original IKE SA request that triggered this NOTIFICATION message.

Conditions:
This behavior has been observed when ALL of the following conditions are met:

a) the device is running a software release with the fix for CVE-2016-6415, and
b) the device is configured with at least one IKE policy, and
c) the device receives an IKE SA request that triggers the generation of an IKE NOTIFICATION message
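
To check a captured cleartext ISAKMP message for the symptom above, the following added example (not Cisco's code) walks the RFC 2408 payload chain and reports how many bytes of NOTIFICATION DATA exceed a baseline. The function names, the caller-supplied `expected_len` baseline, and the constructed sample (notify type 14, no SPI, 12 filler bytes) are assumptions; the page does not say which notify type is affected.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 3.1: 28-byte message header
NOTIFY_FIXED = struct.Struct("!BBHIBBH")   # RFC 2408 3.14: 12 fixed bytes before the SPI
NOTIFICATION = 11                          # payload type number for Notification

def notification_payloads(msg):
    """Return [(notify_type, spi, data)] for each Notification payload in a cleartext message."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ic, _rc, current, _ver, _xchg, flags, _mid, total = ISAKMP_HDR.unpack_from(msg)
    if flags & 0x01:  # encryption bit: payloads cannot be walked without the keys
        raise ValueError("payloads are encrypted")
    if not ISAKMP_HDR.size <= total <= len(msg):
        raise ValueError("bad ISAKMP length field")
    found, off = [], ISAKMP_HDR.size
    while current != 0:
        if off + 4 > total:
            raise ValueError("truncated payload header")
        nxt, _rsv, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        if current == NOTIFICATION:
            if plen < NOTIFY_FIXED.size:
                raise ValueError("short Notification payload")
            *_, spi_size, ntype = NOTIFY_FIXED.unpack_from(msg, off)
            spi_end = off + NOTIFY_FIXED.size + spi_size
            if spi_end > off + plen:
                raise ValueError("SPI overruns payload")
            found.append((ntype, msg[off + NOTIFY_FIXED.size:spi_end], msg[spi_end:off + plen]))
        off, current = off + plen, nxt
    return found

def excess_notification_data(msg, expected_len):
    """Return [(notify_type, extra_bytes)] where the data field exceeds the caller's baseline."""
    return [(t, len(d) - expected_len)
            for t, _spi, d in notification_payloads(msg) if len(d) > expected_len]

def build_sample(data):
    """Constructed Informational message with one Notification payload (type 14, no SPI)."""
    notify = NOTIFY_FIXED.pack(0, 0, NOTIFY_FIXED.size + len(data), 1, 1, 0, 14) + data
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, NOTIFICATION, 0x10, 5, 0, 0,
                          ISAKMP_HDR.size + len(notify))
    return hdr + notify

if __name__ == "__main__":
    print(excess_notification_data(build_sample(b"\xAA" * 12), expected_len=0))
```
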