Name of the Vulnerable Software and Affected Versions:

Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.6

Cisco IOS XE versions through 3.18S

Cisco IOS XR versions 4.3.x and 5.0.x through 5.2.x

Cisco PIX versions prior to 7.0

Description:

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.

Recommendations:

For Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.6, update to a fixed version once available.

For Cisco IOS XE versions through 3.18S, update to a fixed version once available.

For Cisco IOS XR versions 4.3.x and 5.0.x through 5.2.x, update to a fixed version once available.

For Cisco PIX versions prior to 7.0, update to version 7.0 or later.

As a temporary workaround, consider disabling IKEv1 security negotiation requests on affected devices until a patch is available.