Cisco IKE Fragmentation Vulnerability
A Cisco ASA appliance was found to be affected by a remote code execution vulnerability. A buffer overflow can be caused by fragmented UDP IKE packets, potentially leading to execution of arbitrary code.
More information on this vulnerability can be found at the following URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Devices should be upgraded to a patched version of IOS. To find an appropriate patch level for the device, consult this table:
| Version | Patch to |
|---|---|
| 7.2 | Affected; migrate to 9.1(6.11) or later |
| 8.0 | Affected; migrate to 9.1(6.11) or later |
| 8.1 | Affected; migrate to 9.1(6.11) or later |
| 8.2 | 8.2(5.59)2 |
| 8.3 | Affected; migrate to 9.1(6.11) or later |
| 8.4 | 8.4(7.30) or later |
| 8.5 | Not affected |
| 8.6 | Affected; migrate to 9.1(6.11) or later |
| 8.7 | 8.7(1.18) or later |
| 9.0 | 9.0(4.38) or later |
| 9.1 | 9.1(6.11) or later |
| 9.2 | 9.2(4.5) or later |
| 9.3 | 9.3(3.7) or later |
| 9.4 | 9.4(2.4) or later |
| 9.5 | 9.5(2.2) or later |
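
The table lookup can be automated across a device inventory. The following is an added example, not code from Cisco or from the original page: it compares a running ASA version string against the first fixed release for its train. It assumes trains are written as major.minor (7.2, 8.0, ...), and that the device-style form `9.1(6)11` and the table-style form `9.1(6.11)` name the same interim build; the function names and the sample hosts are hypothetical.

```python
import re

# First fixed release per ASA train, copied from the table above.
# None means the table says to migrate to 9.1(6.11) or later.
FIXED = {
    "7.2": None, "8.0": None, "8.1": None, "8.3": None, "8.6": None,
    "8.4": "8.4(7.30)", "8.7": "8.7(1.18)", "9.0": "9.0(4.38)",
    "9.1": "9.1(6.11)", "9.2": "9.2(4.5)", "9.3": "9.3(3.7)",
    "9.4": "9.4(2.4)", "9.5": "9.5(2.2)",
}
NOT_AFFECTED = {"8.5"}
# The 8.2 row reads "8.2(5.59)2"; the trailing digit is ambiguous, so this
# train is reported for manual review instead of being compared.
MANUAL = {"8.2"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?$")

def parse(version):
    """Parse '9.1(6.11)' or '9.1(6)11' into (major, minor, maint, interim)."""
    m = _VERSION.match(version.strip())
    if not m or (m.group(4) and m.group(5)):
        raise ValueError(f"unrecognised ASA version: {version!r}")
    major, minor, maint, dotted, suffix = m.groups()
    return (int(major), int(minor), int(maint), int(dotted or suffix or 0))

def assess(version):
    """Classify one running version against the table."""
    parsed = parse(version)
    train = f"{parsed[0]}.{parsed[1]}"
    if train in NOT_AFFECTED:
        return "not affected"
    if train in MANUAL:
        return "consult advisory"
    if train not in FIXED:
        return "train not listed"
    fixed = FIXED[train]
    if fixed is None:
        return "vulnerable: migrate to 9.1(6.11) or later"
    if parsed >= parse(fixed):
        return "patched"
    return f"vulnerable: upgrade to {fixed} or later"

if __name__ == "__main__":
    # Constructed inventory, not taken from any real device.
    for host, ver in [("fw-a", "9.1(6)8"), ("fw-b", "9.4(2.4)"), ("fw-c", "8.3(2)")]:
        print(host, ver, assess(ver))
```

A result of "train not listed" means the table gives no answer for that release, not that the device is safe.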