As a follow-on to last week’s posts on why patching is critical and the CERT alert on the Shadow Brokers’ release of a whole raft of firewall hacks, this week Cisco is announcing that its software is vulnerable to attack, there is no workaround, and it is working on patches. BUT, there is a silver lining.
First, the problem. There is a bug in Cisco’s implementation of IKE, the Internet Key Exchange protocol that its VPN access code relies on to negotiate keys.
Now the good news.
- The bug affects IOS XR versions 4.3.x to 5.2.x, but releases 5.3.x and newer are not affected.
- The bug also affects PIX firewalls version 6.x and prior, but versions 7.0 and later are not affected.
IOS XR 5.3 was released last January.
Cisco PIX has reached end of life status and is not supported anymore.
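The two version ranges above are the kind of thing a defender wants to check against a device inventory rather than by eye, because Cisco version strings do not sort correctly as text (a 5.10 release sorts before 5.2 as a string). The following Python script is an added example, not code from this post or from Cisco: it encodes the ranges stated above as integer tuples, parses version strings, and lists the hosts still inside an affected window. The platform labels, the hostnames and the sample inventory are constructed for the example, and the Cisco announcement linked below remains the authoritative list of affected software.

```python
import re
from typing import Iterable

# Version ranges the post lists as affected, keyed by platform. Each range is an
# inclusive (major, minor) pair; the third digit is irrelevant because the post
# speaks of whole "x" trains. These literals are transcribed from the post; the
# Cisco announcement is the authoritative list.
AFFECTED_RANGES = {
    "IOS XR": [((4, 3), (5, 2))],    # 4.3.x through 5.2.x; 5.3.x and newer are clean
    "PIX":    [((0, 0), (6, 999))],  # 6.x and prior; 7.0 and later are clean
}


def parse_version(text: str) -> tuple:
    """Turn '5.2.4' (or '6.3(5)', '4.3.1 release') into (5, 2, 4).

    Comparing integer tuples matters: as strings, '5.10' sorts before '5.2',
    which would wrongly place a 5.10 release inside the 4.3-5.2 window.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups(default="0")
    return (int(major), int(minor), int(patch))


def is_affected(platform: str, version: str) -> bool:
    """True if platform/version falls inside one of the listed ranges."""
    major_minor = parse_version(version)[:2]
    return any(low <= major_minor <= high
               for low, high in AFFECTED_RANGES.get(platform, []))


def triage(inventory: Iterable[tuple]) -> list:
    """Return, sorted, the hostnames still running an affected release."""
    return sorted(host for host, platform, version in inventory
                  if is_affected(platform, version))


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("edge-rtr-1", "IOS XR", "4.3.2"),    # inside the window
    ("edge-rtr-2", "IOS XR", "5.2.4"),    # last affected train
    ("edge-rtr-3", "IOS XR", "5.3.1"),    # fixed train, released last January
    ("edge-rtr-4", "IOS XR", "5.10.0"),   # newer than 5.3; a string compare would flag this
    ("old-fw-1",   "PIX",    "6.3(5)"),   # end-of-life and affected
    ("dc-fw-1",    "PIX",    "7.2(4)"),   # 7.0 and later are not affected
    ("dc-sw-1",    "other",  "9.1.2"),    # platform not in the table; not judged here
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: running an affected release, schedule the patch")
```

Anything not in the table comes back as not affected, so the script only answers the question the post poses (are you on the listed trains?) and says nothing about platforms it does not know about; extend AFFECTED_RANGES from the Cisco announcement before relying on it for a real inventory.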
So first, we are already seeing fallout from the Shadow Brokers release, and Cisco, at least, is starting to issue patches.
Second, if you are diligent about patching and not running obsolete software, then, at least in this case, you would not be vulnerable to this particular exploit.
This just reinforces my comment from last week to be religious about patching. It is critical.
Information for this post came from Network World.
For a complete list of all software affected, read the Cisco announcement here.