
Cisco IKE Fragmentation Vulnerability


A Cisco ASA appliance was found to be affected by a remote code execution vulnerability. A buffer overflow can be caused by fragmented UDP IKE packets, potentially leading to execution of arbitrary code.

More information on this vulnerability can be found at the following URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Devices should be upgraded to a patched version of IOS. To find an appropriate patch level for the device, consult this table:

Version   Patch to
7.2¹      Affected; migrate to 9.1(6.11) or later
8.0¹      Affected; migrate to 9.1(6.11) or later
8.1¹      Affected; migrate to 9.1(6.11) or later
8.2¹      8.2(5.59)²
8.3¹      Affected; migrate to 9.1(6.11) or later
8.4       8.4(7.30) or later
8.5¹      Not affected
8.6¹      Affected; migrate to 9.1(6.11) or later
8.7       8.7(1.18) or later
9.0       9.0(4.38) or later
9.1       9.1(6.11) or later
9.2       9.2(4.5) or later
9.3       9.3(3.7) or later
9.4       9.4(2.4) or later
9.5       9.5(2.2) or later
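
The table lookup above can be automated across an inventory. The following is an added example, not code from Cisco or from the original page: it parses a version string and compares it with the first fixed build for its release train. The function names, the sample line and the `9.1(6)10` notation (interim build written after the parenthesis) are assumptions.

```python
import re

# Remediation table transcribed from this page, keyed by release train.
# Tuple = first fixed build, MIGRATE = no fix on that train, None = not affected.
MIGRATE = "migrate"
MIGRATE_TARGET = (9, 1, 6, 11)
FIXED = {
    "7.2": MIGRATE, "8.0": MIGRATE, "8.1": MIGRATE, "8.2": (8, 2, 5, 59),
    "8.3": MIGRATE, "8.4": (8, 4, 7, 30), "8.5": None, "8.6": MIGRATE,
    "8.7": (8, 7, 1, 18), "9.0": (9, 0, 4, 38), "9.1": (9, 1, 6, 11),
    "9.2": (9, 2, 4, 5), "9.3": (9, 3, 3, 7), "9.4": (9, 4, 2, 4),
    "9.5": (9, 5, 2, 2),
}

# Matches "9.1(6.11)" (the table's notation), "9.1(6)11" (interim build after
# the parenthesis; assumed device-output notation) and "9.1(6)" (no interim).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) from a version string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no ASA version found in {text!r}")
    major, minor, maint, dotted, trailing = m.groups()
    return int(major), int(minor), int(maint), int(dotted or trailing or 0)


def fmt(v):
    """Format a version tuple in the table's notation, e.g. 9.1(6.11)."""
    return f"{v[0]}.{v[1]}({v[2]}.{v[3]})"


def assess(text):
    """Return (status, release_to_install_or_None) for one device."""
    ver = parse_asa_version(text)
    train = f"{ver[0]}.{ver[1]}"
    if train not in FIXED:
        return ("unknown", None)  # train not listed on this page; do not guess
    fixed = FIXED[train]
    if fixed is None:
        return ("not affected", None)
    if fixed == MIGRATE:
        return ("affected", fmt(MIGRATE_TARGET))
    if ver >= fixed:  # tuple comparison orders maintenance before interim
        return ("patched", None)
    return ("affected", fmt(fixed))


# Constructed sample line, not captured from a real device.
SAMPLE = "Cisco Adaptive Security Appliance Software Version 9.1(6)10"
```

Release trains that are not in the table return `unknown` rather than being assumed safe, so they can be checked against the advisory by hand.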
