Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability

A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN.

The vulnerability is due to improper implementation of the logic of the XAUTH code. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to the affected system. An exploit could allow the attacker to bypass authentication and access the network via remote VPN.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.

This vulnerability affects only Cisco ASA Software configured for IKEv1 IPsec remote access and IKEv1 IPsec LAN-to-LAN. In addition, an attacker would need to know the tunnel group preshared key or have a valid certificate.

Cisco would like to thank Daniel Turner of Trustwave for reporting this vulnerability.