Cisco patches Equation group exploit in IOS, IOS XE, and IOS XR devices

Cisco patches Equation group exploit in IOS, IOS XE, and IOS XR devices

Cisco Systems has patched a vulnerability similar to one exploited by a cyberespionage group believed to be linked to the U.S. National Security Agency.

The vulnerability affects networking devices running Cisco’s IOS, IOS XE, and IOS XR operating systems that process IKEv1 (Internet Key Exchange version 1) packets. When exploited, it allows remote unauthenticated attackers to extract contents from a device’s memory, potentially leading to the exposure of sensitive and confidential information.

IKE is a key exchange protocol used by several popular features including LAN-to-LAN VPN (Virtual Private Network), remote access VPN, Dynamic Multipoint VPN (DMVPN), and Group Domain of Interpretation (GDOI). It is likely to be enabled on many Cisco devices in enterprise environments.

To read this article in full or to leave a comment, please click here

Source: Security

0Shares

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.