Security News > 2016 > September > BENIGNCERTAIN-like flaw affects various Cisco networking devices (Help Net Security)

BENIGNCERTAIN-like flaw affects various Cisco networking devices (Help Net Security)
2016-09-19 15:16

The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one. CVE-2016-6415 arises from insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. “The IKE protocol is used in the Internet Protocol Security (IPsec) protocol suite to negotiate cryptographic attributes that … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/1AV9txSEskg/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-09-19 CVE-2016-6415 Information Exposure vulnerability in Cisco IOS
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
network
low complexity
cisco CWE-200
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751