Cisco released a an advisory (CVE-2016-6415) regarding a vulnerability in IKEv1 that affect Cisco IOS, IOS XE and IOS XR software which could allow an unauthenticated malicious user to retrieve memory content leading to disclosure of confidential information

Note: Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.[1] The list of affected products is available here. This vulnerability is rated High by Cisco.

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status