A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic.

An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation.

An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic.

An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation.

An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1

Security Impact Rating: Medium

CVE: CVE-2016-9203

Leave a Reply