Intruder Vulnerability Bulletin — Cisco IKE Vulnerability (BENIGNCERTAIN)

Leaked from the NSA’s toolkit of private exploits, this recently disclosed Heartbleed-esque vulnerability can allow an attacker anywhere on the internet to extract sensitive information such as private keys from an affected device. This could then allow them to gain unauthorised access to the internal network and any encrypted traffic sent via the device.

The attacker requires the device to be configured to use IKEv1 or IKEv2 and running either:

• Cisco IOS (see link below for details)
• Cisco IOS XR older than 5.3.x
• Cisco IOS XE (any version).

Cisco has not released a patch or workaround for the vulnerability at this time.

We’ve already checked our customers’ systems and will notify them when an update is made available, but, even if you’re not using Intruder’s continuous monitoring service yet, you can determine if your Cisco devices are vulnerable using the “show version” command.

We recommend monitoring Cisco’s advisory for updates and updating any vulnerable devices as soon as a patch is released. After patching, any private keys on the devices should be regenerated, in case they have been compromised.

Further details of the vulnerability, including a full list of vulnerable software versions can be found at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

‍