

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely

The vulnerability is due to a buffer overflow in

An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

Systems configured in routed firewall mode only and in single or

To determine whether the Cisco ASA is configured to terminate IKEv1 or IKEv2 VPN connections, a crypto map must be configured for at least one

Administrators should use the show running-config crypto map | include interface command and verify that it returns output. The following example shows a crypto map called outside_map configured on the outside interface:

ciscoasa# show running-config crypto map | include interface
crypto map outside_map interface outside

Note: Due to a misconfiguration or to a partial configuration, the IKEv1 or IKEv2 process may still accept incoming IKE messages even if a crypto map is not configured.
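An offline version of the crypto map check this page describes, as an added example that is not part of the advisory: it scans a saved running-config for the "crypto map <name> interface <interface>" line. Going beyond the page, it also flags the ASA "crypto ikev1|ikev2|isakmp enable <interface>" commands to cover the partial-configuration note; the function name, result labels and sample configurations are constructed for illustration.

```python
import re

# The line the advisory's check looks for:
#   crypto map <name> interface <ifname>
CRYPTO_MAP_IF = re.compile(r"^crypto map (\S+) interface (\S+)\s*$")
# ASA commands that enable IKE on an interface. Not shown on the page;
# included here (assumption) to cover the partial-configuration note.
IKE_ENABLE = re.compile(r"^crypto (ikev1|ikev2|isakmp) enable (\S+)")

def audit_asa_config(text):
    """Map each interface to how IKE appears to be exposed on it."""
    maps = {}   # interface -> crypto map name bound to it
    ike = {}    # interface -> set of IKE keywords enabled on it
    for raw in text.splitlines():
        line = raw.strip()
        m = CRYPTO_MAP_IF.match(line)
        if m:
            maps[m.group(2)] = m.group(1)
            continue
        m = IKE_ENABLE.match(line)
        if m:
            ike.setdefault(m.group(2), set()).add(m.group(1))
    findings = {}
    for ifname in sorted(set(maps) | set(ike)):
        # A bound crypto map is the advisory's indicator; IKE enabled with
        # no map is the partial configuration the note says to review.
        findings[ifname] = ("crypto-map-bound" if ifname in maps
                            else "ike-enabled-without-crypto-map")
    return findings

# Constructed sample configurations (not taken from a real device).
FULL_CONFIG = """\
crypto map outside_map 10 match address vpn_acl
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map interface outside
crypto ikev1 enable outside
"""
PARTIAL_CONFIG = """\
interface GigabitEthernet0/1
 nameif dmz
crypto ikev2 enable dmz
"""
NO_VPN_CONFIG = "hostname ciscoasa\ninterface GigabitEthernet0/0\n nameif outside\n"

if __name__ == "__main__":
    for name, cfg in [("full", FULL_CONFIG), ("partial", PARTIAL_CONFIG),
                      ("no-vpn", NO_VPN_CONFIG)]:
        print(name, audit_asa_config(cfg))
```

An empty result only means neither pattern was found in the saved file; the live command on the device remains the authoritative check.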
