RCE Vulnerabilities found in IKE
Numerous exploits have been found in the wild targeting Windows Internet Key Exchange Protocol Extensions.
The discovered vulnerabilities could have been exploited to target systems. The observed attacks appear to be part of a campaign, run by a Mandarin-speaking threat actor, whose name roughly translates to "bleed you".
Researchers observed unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.
The vulnerability lies in the code used to handle the IKEv1 protocol, which is deprecated but kept for compatibility with legacy systems. IKEv2 is not impacted; however, the vulnerability affects all Windows Servers because they accept both v1 and v2 packets, making the flaw critical.
Memory corruption occurs when Page Heap is enabled on the system for the Internet Key Exchange process: the executable hosting the Internet Key Exchange protocol service crashes while attempting to read data beyond an allocated buffer.
Microsoft has assigned CVE-2022-34721 to the issue and fixed it by adding a check on the incoming data length, skipping processing of that data when the length is too small.
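The fix described above is a bounds check before the parser touches the buffer. The following is an added illustration of that check, written for this page; it is not Microsoft's code and does not reproduce the actual IKEEXT parsing logic. It walks a chain of length-prefixed payloads using a simplified header modelled loosely on the generic ISAKMP payload header (next payload, reserved byte, big-endian length including the header), and every read is guarded so that a message which is shorter than the parser expects, or whose declared length runs past the received bytes, is rejected instead of read out of bounds. The sample messages are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified payload header (assumption for this example, not the exact
 * on-the-wire IKEv1 layout handled by the patched code):
 *   byte 0    next payload type (0 = last payload)
 *   byte 1    reserved
 *   bytes 2-3 payload length, big-endian, including this 4-byte header */
#define PAYLOAD_HDR_LEN 4u

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_BAD_LENGTH = 2 };

/* Walk a chain of payloads. Each read is preceded by a check that the bytes it
 * needs exist in the buffer, which is the class of check the CVE-2022-34721 fix
 * added: input that is too short is skipped rather than read past the
 * allocation. If count is non-NULL it receives the number of payloads that were
 * fully validated before the walk stopped. */
enum parse_status walk_payloads(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;
    size_t n = 0;
    uint8_t next = 1; /* pretend the outer header announced a first payload */

    while (next != 0) {
        /* Check 1: is there room for the fixed-size header at all?
         * (off <= len always holds here, so len - off cannot underflow) */
        if (len - off < PAYLOAD_HDR_LEN) {
            if (count) *count = n;
            return PARSE_TRUNCATED;
        }
        next = buf[off];
        uint16_t plen = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);

        /* Check 2: the declared length must at least cover its own header;
         * this also prevents a zero length from looping forever. */
        if (plen < PAYLOAD_HDR_LEN) {
            if (count) *count = n;
            return PARSE_BAD_LENGTH;
        }
        /* Check 3: the declared length must not run past what we received. */
        if (plen > len - off) {
            if (count) *count = n;
            return PARSE_TRUNCATED;
        }
        /* Only now is buf[off .. off + plen) safe to process. */
        off += plen;
        n++;
    }
    if (count) *count = n;
    return PARSE_OK;
}

/* Convenience wrapper: how many payloads validated before the walk stopped. */
size_t count_payloads(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    (void)walk_payloads(buf, len, &n);
    return n;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[]        = {0x02, 0, 0, 6, 'a', 'b', 0x00, 0, 0, 4};
static const uint8_t MSG_SHORT_HDR[] = {0x02, 0};                 /* 2 bytes, header needs 4 */
static const uint8_t MSG_OVERLONG[]  = {0x00, 0, 0, 0x20};        /* claims 32 bytes, has 4 */
static const uint8_t MSG_UNDERLONG[] = {0x00, 0, 0, 2, 0, 0};     /* claims 2 bytes, below header size */
static const uint8_t MSG_CUT_SECOND[] = {0x02, 0, 0, 6, 'a', 'b', 0x00, 0}; /* second header cut off */

int main(void)
{
    static const char *names[] = { "OK", "TRUNCATED", "BAD_LENGTH" };
    struct { const char *label; const uint8_t *msg; size_t len; } samples[] = {
        { "valid two payloads",   MSG_OK,         sizeof MSG_OK },
        { "header too short",     MSG_SHORT_HDR,  sizeof MSG_SHORT_HDR },
        { "length past end",      MSG_OVERLONG,   sizeof MSG_OVERLONG },
        { "length below header",  MSG_UNDERLONG,  sizeof MSG_UNDERLONG },
        { "second payload cut",   MSG_CUT_SECOND, sizeof MSG_CUT_SECOND },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        enum parse_status st = walk_payloads(samples[i].msg, samples[i].len, &n);
        printf("%-22s -> %-10s (%zu payload(s) validated)\n",
               samples[i].label, names[st], n);
    }
    return 0;
}
```

Each rejection path returns before any byte beyond `len` is dereferenced, which is the property a defender wants to verify in a patch of this kind: the check must sit before the read, and it must cover both the fixed header and any length the attacker-controlled data declares.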
Customers are advised to apply the patch for this vulnerability. This research was documented by researchers from Cyfirma.