We have perform a vulnerability scan for our network and found a high risk vulnerability result as stated below:
"H IsakmpSpiSizeBo: ISAKMP spi size buffer overflow
Additional Information More Information
Internet Security Association and Key Management Protocol (ISAKMP) is a key exchange protocol signature. ISAKMP is vulnerable to a
buffer overflow. A remote attacker can send a specially-crafted ISAKMP payload to a vulnerable VPN client or server to overflow a buffer
and execute arbitrary code on the system, possibly with administrative privileges.
The supported operating systems in the Platforms Affected list are only vulnerable if they use the LibKmp ISAKMP library. Only VPN
or firewall products which implement the Entrust LibKmp ISAKMP library are vulnerable.
Apply the appropriate hotfix for this vulnerability, as listed in the Symantec Security Response SYM04-012 and available from the
Symantec FTP Update Web site. See References."
I have search it on cisco but found no clue on resolving the issue. Our firewall is PIX 506E model.
Your inputs are highly appreciated.