Cisco Patches Its Operating Systems Against New IKE Crypto Attack

Cisco

Cisco Patches Its Operating Systems Against New IKE Crypto Attack

CISCO SYSTEMS INC. IS THE WORLDWIDE LEADER in networking for the Internet. The company was founded in 1984 by two computer scientists from Stanford University seeking an easier way to connect different types of computer systems.

Cisco Systems shipped its first product in 1986 and is now a multi-national corporation, with over 35,000 employees in more than 115 countries. Today, Cisco solutions are the networking foundations for service providers, small to medium business and enterprise customers which includes corporations, government agencies, utilities and educational institutions.

Cisco, one of the world’s largest vendor of networking equipment, released security updates today to patch a vulnerability in the IOS and IOS XE operating systems that run the vast majority of its devices.

The vulnerability is tracked as CVE-2018-0131 and is one of four CVE identifiers for a new Bleichenbacher oracle cryptographic attack against the IKE (Internet  Key Exchange) protocol.

 

 

Cisco

 

 

Patches address new cryptographic attack

 

Researchers say their attack works against the IKEv1 implementations of Cisco (CVE-2018-0131), Hua­wei (CVE-2017-17305), Cla­vis­ter (CVE-2018-8753), and ZyXEL (CVE-2018-9129).

The research team, made up of three academics from the Ruhr-University Bochum, Germany and two from the University of Opole, Poland, say they notified vendors that had products vulnerable to this attack.

“All ven­dors pu­blis­hed fixes or re­mo­ved the par­ti­cu­lar au­then­ti­ca­ti­on me­thod from their de­vices’ firm­wares in re­s­pon­se to our re­ports,” researchers said.

 

cryptographic

 

 

 

Cisco IOS and IOS XE affected, but not IOS XR

 

Cisco was by far the biggest vendor affected by this flaw, and the hardest hit. CVE-2018-0131 affects the company’s main product, the IOS (Internetworking Operating System), and its Linux-based offshoot, IOS XE.

The IOS XR operating system, which runs on a different codebase and is used mainly for carrier-grade routers, is not affected.

 

operating system

 

 

Attackers can recover VPN sessions

 

According to Cisco, this flaw “could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session.”

“The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces,” Cisco said in a security advisory.

 

 attacker

 

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad


Show Buttons
Hide Buttons