Thursday, February 11, 2016

Coverage for CVE-2016-1287 in the Snort Subscriber Rule Set

We've been receiving a lot of questions regarding our coverage for the Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability.

We wanted to let our customers know that we released coverage for this vulnerability on December 1, 2015 in the form of a Shared Object rule. Detection was enabled by default in the balanced policy (on by default for Open Source in the Snort Subscriber Rule Set). Following the patch, that rule was converted yesterday from a Shared Object rule to a plaintext rule and released in the ruleset.

Since this is a modification to an existing rule, and the release date was over 30 days ago, it's available to all Registered users and Subscribers of the Snort Subscriber Rule Set.

As is the case with all of our Shared Object rules, including those for the zero-days that Talos has discovered and disclosed to the appropriate vendors, you'll want to stay as up to date as possible with the ruleset.

To get Talos's newest rule detection functionality now, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well. Make sure to stay up to date to catch emerging threats!

Thank you!