An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software.
The vulnerability is due to a logic error introduced via a code regression for the affected software. Cisco Bug IDs: CSCvc41277.Ī vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN Remote-access VPN, excluding SSL VPN Dynamic Multipoint VPN (DMVPN) and FlexVPN.
A device does not need to be configured with any IKEv2-specific features to be vulnerable. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled.
This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. The vulnerability is due to how an affected device processes certain IKEv2 packets. A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.
0 kommentar(er)
