Information disclosure in Cisco Systems, Inc products - CVE-2016-6415
Published: September 19, 2016 / Updated: June 17, 2021
Vulnerability identifier: #VU532
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6415
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Affected software:
Cisco IOS
Cisco IOS XR
Cisco IOS XE
Cisco IOS
Cisco IOS XR
Cisco IOS XE
Detailed vulnerability description
The vulnerability allows a remote user to access potentially sensitive information on the target system.
The weakness exists due to insufficient checks of IKE packats when handling ISAKMP requests. By sending specially crafted IKEv1 packets to the IKE service via IPv4 or IPv6 a malicious user can obtain memory contents.
Successful exploitation of the vulnerability leads to confidential information disclosure on the vulnerable system.
Note: this vulnerability was being actively exploited in the wild. It was disclosed as part of Equation Group Leak and is reffered as BENIGNCERTAIN exploit.
How to mitigate CVE-2016-6415
Update to version 5.3.x.