Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.

For devices that are designed to protect private networks from Internet attacks, this is as bad as it gets. That’s why Cisco rated the vulnerability with the maximum score of 10 in the Common Vulnerability Scoring System.

The flaw is located in the Cisco ASA code that handles the Internet Key Exchange version 1 (IKEv1) and IKE version 2 (IKEv2) protocols. More precisely, it stems from a buffer overflow condition in the function that processes fragmented IKE payloads.

To read this article in full or to leave a comment, please click here