Cisco 6500 and 7600 series VPNSM malformed IKE packet denial of service

cisco-vpnsm-ike-dos (15797) Risk level: Medium

Description:

Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Internet Routers running Cisco IOS versions 12.2SXA, 12.2SXB, 12.2SY, and 12.2ZA with the Cisco IP Security (IPSec) VPN Services Module (VPNSM) installed are vulnerable to a denial of service. By sending a malformed Internet Key Exchange (IKE) packet, a remote attacker could cause the device to crash and reload.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest software version for your device, as listed in Cisco Security Advisory 50430. See References.

References:

  • Cisco Systems Inc. Security Advisory, 2004 April 8 at 1600 UTC (GMT): Cisco IPSec Malformed IKE Packet Vulnerability.
  • BID-10083: Cisco IOS Malformed IKE Packet Remote Denial Of Service Vulnerability
  • CVE-2004-0710: IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
  • US-CERT VU#904310: Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet

Platforms Affected:

  • Cisco 6500 Router
  • Cisco 7600 Router
  • Cisco IOS 12.2(14)SY
  • Cisco IOS 12.2(14)ZA
  • Cisco IOS 12.2(14)ZA2
  • Cisco IOS 12.2(17A)SXA
  • Cisco IOS 12.2SXA
  • Cisco IOS 12.2SXB
  • Cisco IOS 12.2SY
  • Cisco IOS 12.2ZA

Reported:

Apr 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
