Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1150
Views
0
Helpful
2
Replies

CSCux29978 on systems not configured for IKE

Go to solution
awysocki
Level 1
Level 1

‎02-11-2016 06:41 AM - edited ‎03-20-2019 08:51 PM

For firewalls which do not have Ikev1 or v2 enabled/configured, could the remote code still be executed and either force the reboot or allow for remotely executing code?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rvarelac
Level 7
Level 7

‎02-11-2016 08:56 AM

Hi awysocki

The documentation states you need either a Site-to-Site tunnel running Ikev1 or ikev2 , or a remote connection with ipsec technologies. If you don't have any of those technologies the exploit can't be executed. 

You can check if the IPSec is enabled with the command:

 ciscoasa# show running-config crypto map | include interface
    crypto map outside_map interface outside

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Hope it helps

-Randy-

View solution in original post

0 Helpful
2 Replies 2

Go to solution
rvarelac
Level 7
Level 7

‎02-11-2016 08:56 AM

Hi awysocki

The documentation states you need either a Site-to-Site tunnel running Ikev1 or ikev2 , or a remote connection with ipsec technologies. If you don't have any of those technologies the exploit can't be executed. 

You can check if the IPSec is enabled with the command:

 ciscoasa# show running-config crypto map | include interface
    crypto map outside_map interface outside

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Hope it helps

-Randy-

0 Helpful

Go to solution
awysocki
Level 1
Level 1
In response to rvarelac

‎02-11-2016 09:54 AM

Thanks. I apparently skipped that section when reading through.

0 Helpful
Customers Also Viewed These Support Documents