Looks like a flaw in the ISAKMP portion of IPsec is vulnerable to a variety of vendor-specific flaws which could include DoS, format string attacks, and buffer overflows. Thought it was worth a mention.
source
Only problem I don't like about that article's assessment is that all that VPN's "interesting" traffic is applied after access lists (Cisco anyways). Meaning, if it's a dedicated Point-to-Point VPN and you have any other traffic allowed to even hit the interface you deserve to have your network compromised.
For remote access VPN I guess there could be an issue, but of course they did not describe the nature of this vulnerability so I can only guess.
I think they could just as easily say anything you connect to the internet, if it's not configured properly, is vulnerable. I would agree with this statement and I don't think it's much different than what they put in their article.