Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco VPNs Open To Denial-Of-Service Attacks

A flaw in one of the protocols used by Cisco Systems' VPN 3000 Series concentrators could open up the devices to denial-of-service attacks.

The vulnerability lies in the Internet Key Exchange (IKE) Protocol, which enables remote IPsec VPN access. The flaw could allow an attacker to cripple a VPN 3000 Series concentrator by flooding it with IKE requests and making it unable to handle legitimate traffic, according to security researcher Roy Hills of U.K.-based security research firm NTA Monitor, who discovered the vulnerability last July and posted his findings to the Full Disclosure mailing list Wednesday.

Attackers don't need to be logged in to exploit the flaw because the problem occurs before the authentication stage, Hills wrote. Also, intrusion detection and prevention systems are likely to be ineffective because the traffic consists of genuine IKE packets, he said.

Cisco's VPN 3000 Series concentrators are designed for enterprise deployments and can support 200 to 10,000 simultaneous IPSec remote access users.

In an advisory issued Wednesday, Cisco's Product Security Incident Response Team (PSIRT) said the vulnerability is in version 1 of the IKE protocol and isn't related to vendor-specific hardware. Other Cisco products that use IKE version 1 include the Adaptive Security Appliance (ASA) line, PIX firewall and Cisco Internetworking Operating System (IOS) software.

  • 1