NSA IPSec IKE Vulnerability BENIGNCERTAIN analysis and example

The NSA ShadowBrokers exploit leak included a tool known as “BenignCertain” which triggers an information leak which may result in credential and private key disclosure to unauthenticated parties. Cisco IOS routers, PIX and ASA firewalls with VPN IKE IPSec enabled may be affected.

The NSA toolkit's bc-genpkt, bc-id and bc-parser binaries can be used to generate vulnerability triggering packets, send the packet and store the response, and parse the information leak to reveal VPN credentials such as username and password. Alternatively, the Metasploit Framework contains a module to scan for and trigger this vulnerability known as cisco_ike_benigncertain.

Example:

The device appears to leak RAM contents when the fault is triggered:

0000   00 00 00 00 00 00 00 02 00 00 00 00 00 00 2e e0
0010   00 00 2e e0 12 a1 fb 48 00 00 00 00 00 00 00 00
0020   00 00 09 ec 00 00 09 d0 00 00 00 01 01 00 00 0e
0030   00 00 09 c4 00 00 00 01 00 00 00 01 0b 83 d4 d4
... [ snip ] ...
0470   0f ff ff ff 0f ff ff ff 00 00 00 00 00 00 00 00
0480   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0490   00 00 00 00 00 00 00 06 A1 44 93 40 00 00 00 00

When conducting subsequent tests, the memory bytes disclosed appear to change which indicates that this is likely vulnerable. Non-Cisco IPSec devices to not dump excessive bytes when responding to the vulnerability trigger (e.g. 10 bytes vs 2500+ bytes for vulnerable devices device).
However, it is important to note that the usable exploit only affects Cisco PIX devices. This device may be vulnerable but due to slightly different implementation may be leaking less valuable information to an attacker or requires tweaking using the NSA bc-genpkt tool.
Recommendation:
​Ensure the latest patched IOS firmware is installed. If the firmware is confirmed as vulnerable, the preshared VPN keys should also be changed and private keys on the device should be regenerated.
Risk:
High.