CVE-2016-6415
CVE-2016-6415
In short
Cisco IOS and related devices leak sensitive information from memory during IKEv1 security negotiations. An attacker can extract this data without authentication, potentially revealing passwords or encryption keys.
Technical detail
The IKEv1 implementation in affected Cisco platforms fails to properly sanitize memory buffers during Security Association negotiation, allowing unauthenticated remote attackers to read sensitive data through crafted SA requests. Pre-condition: IKEv1 service must be enabled; impact includes disclosure of credentials and cryptographic material.
Summary generated and translated by AI from the official description.
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/apublic PoCs found — 2
githubgithub.com/3ndG4me/CVE-2016-6415-BenignCertain-Monitor★ 11exploitdbwww.exploit-db.com/exploits/43383unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →