{"vuid":"VU#904310","idnumber":"904310","name":"Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet","keywords":["Cisco","IPsec","VPNSM","IKE","DoS","denial of service"],"overview":"A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed.","clean_desc":"The Cisco IP Security (IPsec) VPN Services Module (VPNSM) is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Router that provides integrated IPsec Virtual Private Network (VPN) services. The Internet Key Exchange (IKE) protocol is an ancillary protocol to IPsec that facilitates cryptographic key exchange between IPsec-enabled hosts. A malformed IKE packet may cause a device with the VPNSM installed and running certain versions of the Cisco IOS software to crash and reload. The specific nature of the IKE packet malformation exploiting the vulnerability is unknown.","impact":"A malformed Internet Key Exchange (IKE) packet may cause a vulnerable device to crash and reload resulting in a denial of service.","resolution":"Apply a patch from the vendor. Cisco Systems has produced patched software to address this vulnerability. Please see the Systems Affected section of this document for more information.","workarounds":"NOTE:  Cisco has specifically stated that there are no workarounds available to completely mitigate this vulnerability. Sites are strongly encouraged to upgrade to a software version that eliminates the vulnerability.\nAlthough there is no reliable workaround, Cisco recommends the following mitigation step until patches can be applied: As a possible mitigation, users deploying the VPNSM for site-to-site connectivity could apply ACLs on the Cisco Catalyst 6500 Series Switch or the Cisco 7600 Series Internet Router to limit the IP addresses that can establish IPSec sessions with the VPNSM.","sysaffected":"","thanks":"Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.","author":"This document was written by Chad R Dougherty.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-08T19:40:19Z","publicdate":"2004-04-08T00:00:00Z","datefirstpublished":"2004-06-09T15:29:30Z","dateupdated":"2004-06-15T20:58:36Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"8","cam_attackeraccessrequired":"18","cam_scorecurrent":"8.1","cam_scorecurrentwidelyknown":"9.72","cam_scorecurrentwidelyknownexploited":"16.2","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.1,"vulnote":null}