The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS prior to 15.1(1)SY3 does not require authentication, which allows remote malicious users to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios |
||
cisco ios 15.1\\(1\\)sy |
||
cisco ios 15.1\\(1\\)sy1 |
||
cisco ios 15.1 |