KAME.Racoon.Unauthorized.IPSec.SA.Deletion
Description
This indicates an attempt to exploit a vulnerability in the KAME IKE daemon (Racoon).
KAME IKE daemon (Racoon) does not properly handle hash values. This allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
Affected Products
All versions of Racoon are affected.
Impact
System compromise: unauthorized deletion of IPSec SA.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |