Here a nice explanation of the vulnerability: <a href="https://blog.exodusintel.com/2016/02/10/firewall-hacking/" rel="nofollow">https://blog.exodusintel.com/2016/02/10/firewall-hacking/</a><p>There is also a Snort signature to detect attempts to exploit this vulnerability.
Cisco was also rushed to release the fix, as all of the new builds are tagged 'interim' and warn users that they have bugs and stability problems that will be fixed later. Most notably, several issues with ASA Clustering were found in the new builds. So you're damned if you do, damned if you don't.
Edit...this is wrong-> <i>It's specific to Cisco ASA firewalls with a version level < 9.1(7), which was released in January of 2015.</i><p>Edit: Gelob, below, is right. There's a really unfortunate "read more" link that hides the important bits on Cisco's documentation and caused my confusion.
Here's an overview of devices that are running IKE on the Internet at the moment: <a href="https://www.shodan.io/report/h2Naw1fd" rel="nofollow">https://www.shodan.io/report/h2Naw1fd</a>
As someone who used to work at Cisco, I'm not surprised. Everything is coded in C, and there are memory leaks all over the place because releases are made before most of these bugs are fixed.
> Note: Only traffic directed to the affected system can be used to exploit this vulnerability.<p>I'm confused, how else would the system be compromised, by directing traffic at the moon?<p>Running an EOL ASA in colo on v8.2. Have been holding out due to the post-v8.2 changes to NAT. Looks like you need a SmartNET contract to get the fix, unfortunate, many legacy devices will left vulnerable as a result.<p>Well, there goes the weekend...