Cisco IOS XR IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)

Severity: High | Nessus Plugin ID 93738

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version and configuration, the Cisco IOS XR software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings.

BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvb29204.

See Also

http://www.nessus.org/u?b7f2c76c

http://www.nessus.org/u?4c7e0cf3

https://blogs.cisco.com/security/shadow-brokers

Plugin Details

Severity: High

ID: 93738

File Name: cisco-sa-20160916-ikev1-iosxr.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 9/27/2016

Updated: 5/20/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-6415

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Host/Cisco/IOS-XR/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2016

Vulnerability Publication Date: 8/14/2016

CISA Known Exploited Vulnerability Due Dates: 6/9/2023

Reference Information

CVE: CVE-2016-6415

BID: 93003

CISCO-SA: cisco-sa-20160916-ikev1

CISCO-BUG-ID: CSCvb29204