Major Cisco vulnerability (one of the highest in recent history)

[securitybreach]

This change is in response to Cisco’s public disclosure on Wednesday (10-Feb-2016) of a new and high-risk vulnerability that exists in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA software. The change in AlertCon threat level also reflects increased reconnaissance activity observed across the Internet, which may be indicative of an intent to exploit this critical vulnerability in a highly-deployed network infrastructure platform.

 

The Cisco Security Advisory is titled Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability and caries one of the highest risk ratings in recent history. Cisco rates the risk at a 10 on a scale from 1 to 10, according to the Common Vulnerabilities Scoring System (CVSS version 2.0).

 

X-Force has similarly calculated a base score of 9.8 on a scale of 1 to 10 using the newer CVSS version 3.0 methodology.

 

X-Force has similarly calculated This change is in response to Cisco’s public disclosure on Wednesday (10-Feb-2016) of a new and high-risk vulnerability that exists in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA software. The change in AlertCon threat level also reflects increased reconnaissance activity observed across the Internet, which may be indicative of an intent to exploit this critical vulnerability in a highly-deployed network infrastructure platform.

 

The Common Vulnerabilities Exposure (CVE) reference number for this vulnerability is CVE-2016-1287.

 

It is important that you understand this threat and how it may affect you. Take immediate steps to implement protection on vulnerable systems. To learn more, visit our X-Force Advisory on the X-Force Exchange.

 

https://exchange.xfo...bilities/110524

 

(The text came from an email from IBM's X-Force Advisory)