Test ID:	1.3.6.1.4.1.25623.1.0.106260
Category:	CISCO
Title:	Cisco IOS XE Software IKEv1 Information Disclosure Vulnerability
Summary:	A vulnerability in IKEv1 packet processing code in Cisco IOS XE Software;could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure;of confidential information.
Description:	Summary: A vulnerability in IKEv1 packet processing code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Vulnerability Insight: The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. Vulnerability Impact: A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Solution: The vendor has released updates, please see the referenced vendor advisory for more information on the fixed versions. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6415 BugTraq ID: 93003 http://www.securityfocus.com/bid/93003 Cisco Security Advisory: 20160916 IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1 http://www.securitytracker.com/id/1036841
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.