Vigil@nce: Cisco IOS, IKE connection without OCSP
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker with a revoked certificate can create an IPsec tunnel
with Cisco IOS.
– Severity: 2/4
– Creation date: 18/04/2011
IMPACTED PRODUCTS
– Cisco IOS
– Cisco Router
DESCRIPTION OF THE VULNERABILITY
The ISAKMP/IKE protocol is used to exchange keys in order to
establish an IPsec tunnel.
Cisco IOS keeps in its cache keys that were previously used, until
the next reboot. However, if in the meantime a certificate was
revoked, Cisco IOS does not use OCSP (Online Certificate Status
Protocol) to detect it.
An attacker with a revoked certificate can therefore create an
IPsec tunnel with Cisco IOS.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-IKE-connection-without-OCSP-10573