
SANS ISC: Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


An exploit has been made publicly available for CVE-2016-1287. A patch for the vulnerability, and quite a bit of detail about it, were released in February [1]. We recommend you expedite patching this problem if you haven't already done so.


Johannes B. Ullrich, Ph.D.



4467 Posts
ISC Handler
May 17th 2016
This is rated CVSS 10. Pretty bad for a public-facing device that will most likely have VPN enabled.

6 Posts
Well, if you have not patched yet, you are 0wned.
We saw 2 boxes reboot within 24 hours of the Feb release of the info (half an hour apart), just an hour or so before the planned emergency patch. So at least probes were in-the-wild within hours.

All configuration was re-applied after the firmware upgrade, as we did not trust the existing config.
Povl H.

79 Posts
Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered via IPv4 and IPv6 traffic.
