Test Kennung:	1.3.6.1.4.1.25623.1.0.106261
Kategorie:	CISCO
Titel:	Cisco IOS XR Software IKEv1 Information Disclosure Vulnerability (cisco-sa-20160916-ikev1)
Zusammenfassung:	A vulnerability in Internet Key Exchange version 1 (IKEv1); packet processing code in Cisco IOS XR Software could allow an unauthenticated, remote attacker; to retrieve memory contents, which could lead to the disclosure of confidential information.
Beschreibung:	Summary: A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Vulnerability Insight: The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. Vulnerability Impact: A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6415 BugTraq ID: 93003 http://www.securityfocus.com/bid/93003 Cisco Security Advisory: 20160916 IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1 http://www.securitytracker.com/id/1036841
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.