Credit: David Barksdale, Jordan Gruskovnjak, and Alex Wheeler
Cisco’s ASA (Ancient Security Architecture) firewalls had a vulnerability in their IKE fragment reassembly that permitted remote, unauthenticated heap memory corruption. Thanks to the absence of non-executable memory and ASLR protections, these Exodus researchers were able to turn this vulnerability into an epic win, just as if they were exploiting a late-’90s Linux box. It just turns out that this late-’90s Linux box happens to be your firewall/NIDS/VPN/IRC bouncer. Yay.
Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow (CVE-2016-1287)