ISAKMP Vulnerable to DoS and Execution of Arbitrary Code

Internet Security Association and Key Management Protocol (ISAKMP) contains a vulnerability that might lead to denial of service attacks or the execution of arbitrary code. The vulnerability can be exploited by sending malformed Internet Key Exchange (IKE) packets. IKE is commonly used in IPSEC solutions. Affected products include software- and hardware-based solutions produced by Juniper Networks, Cisco Systems, SecGo Solutions, Stonesoft, Nortel, Sun Microsystems, and possibly other vendors. Microsoft reported that none if its products are vulnerable to this problem. If your network uses IKE or IPSEC then check with your vendor to determine your vulnerability status.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish