It has not been a great week or two for Cisco. And with the impending Black Hat and Defcon conferences around the corner things are just going to get worse. Yesterday afternoon yet another Cisco vulnerability was announced. This time it was specific to their implementation of IKE or Internet Key Exchange which is susceptable to a resource exhaust attack which is basically little more than a denial of service.
The attack against the Internet Key Exchange (IKE) protocol described in the NTA Monitor advisory exploits the stateless nature of the IKE version 1 protocol. The goal of such an attack is to deplete the resources available on a device to negotiate IKE security associations, and block legitimate users from establishing a new security association.
Advisory (.pdf)
[tags]Cisco, IKE Vulnerability, IOS Software, PIX, Black Hat, Defcon[/tags]