More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that’s similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency.
The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device’s memory, which can lead to the exposure of sensitive information.
The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments.