Vulnerabilities and Threats

Intruder Vulnerability Bulletin — Cisco IKE Vulnerability (BENIGNCERTAIN)

David Robinson
David Robinson

Key Points

Leaked from the NSA’s toolkit of private exploits, this recently disclosed Heartbleed-esque vulnerability can allow an attacker anywhere on the internet to extract sensitive information such as private keys from an affected device. This could then allow them to gain unauthorised access to the internal network and any encrypted traffic sent via the device.

The attacker requires the device to be configured to use IKEv1 or IKEv2 and running either:

  • Cisco IOS (see link below for details)
  • Cisco IOS XR older than 5.3.x
  • Cisco IOS XE (any version).

Cisco has not released a patch or workaround for the vulnerability at this time.

We’ve already checked our customers’ systems and will notify them when an update is made available, but, even if you’re not using Intruder’s continuous monitoring service yet, you can determine if your Cisco devices are vulnerable using the “show version” command.

We recommend monitoring Cisco’s advisory for updates and updating any vulnerable devices as soon as a patch is released. After patching, any private keys on the devices should be regenerated, in case they have been compromised.

Further details of the vulnerability, including a full list of vulnerable software versions can be found at:

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Sign up for your free 14-day trial

7 days free trial