CVE-2025-36118
📋 TL;DR
The IKEv1 implementation in IBM Storage Virtualize contains an information disclosure vulnerability: remote attackers can extract sensitive data from device memory by sending specially crafted Security Association negotiation requests. This affects IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1. The vulnerability could expose authentication credentials, configuration data, or other sensitive information stored in memory.
💻 Affected Systems
- IBM Storage Virtualize
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials, encryption keys, or sensitive customer data from memory, leading to complete system compromise and data exfiltration.
Likely Case
Attackers extract limited sensitive information such as configuration details, partial credentials, or system metadata that could facilitate further attacks.
If Mitigated
Attackers can only obtain non-sensitive memory fragments or the attack is blocked by network controls.
🎯 Exploit Status
Exploitation requires understanding of IKEv1 protocol and ability to craft SA negotiation requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.4.0.4, 8.5.0.4, 8.7.0.4, 9.1.0.2
Vendor Advisory: https://www.ibm.com/support/pages/node/7250954
Restart Required: Yes
Instructions:
1. Download appropriate fix from IBM Fix Central.
2. Apply fix using IBM Storage Virtualize management interface.
3. Reboot system as required.
4. Verify fix applied successfully.
🔧 Temporary Workarounds
Disable IKEv1
All platforms: Configure systems to use only IKEv2 for IPsec VPN connections
Configure via IBM Storage Virtualize management interface: Network > IPsec > Protocol Settings > Disable IKEv1
Network Segmentation
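Linux (firewalld): Restrict access to IKE/ISAKMP ports (UDP 500, UDP 4500) to trusted networks only. Replace TRUSTED_NETWORK with the trusted source range. These accept rules only act as a restriction if the zone does not otherwise allow these ports from other sources.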
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port protocol="udp" port="500" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port protocol="udp" port="4500" accept'
firewall-cmd --reload
🧯 If You Can't Patch
- Implement strict network access controls to limit IKEv1 traffic to trusted sources only
- Monitor IKEv1 negotiation attempts and investigate any from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check the IBM Storage Virtualize version via the management interface: System > About. If the version is 8.4, 8.5, 8.7, or 9.1 without the fix applied, the system is vulnerable.
Check Version:
Check via IBM Storage Virtualize CLI: lssystem | grep code_level
Verify Fix Applied:
Verify fix version is installed: 8.4.0.4, 8.5.0.4, 8.7.0.4, or 9.1.0.2 via System > About in management interface.
📡 Detection & Monitoring
Log Indicators:
- Multiple IKEv1 SA negotiation requests from a single source
- IKEv1 negotiation failures with unusual payloads
- Memory access errors in system logs
Network Indicators:
- Unusual IKEv1 traffic patterns
- SA negotiation requests with malformed payloads
- UDP 500/4500 traffic from unexpected sources
SIEM Query:
source="storage_virtualize" AND (event_type="ike_negotiation" OR port=500 OR port=4500) AND protocol_version="v1" AND (status="failed" OR payload_size>normal)
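One way to act on the log and network indicators above when packet capture is available, as an added example (not IBM's code and not part of the original page): it classifies UDP 500/4500 payloads by the fixed ISAKMP header (RFC 2408) and flags IKEv1 Phase 1 initiations that come from outside a trusted range, arrive in bursts, or declare a length that differs from the datagram size. The function names, the burst threshold of 3, the trusted range and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header, 28 bytes
PHASE1 = {2: "main-mode", 4: "aggressive-mode"}  # IKEv1 Phase 1 exchange types

def parse_ikev1_phase1(payload, dst_port):
    """Fields of a first IKEv1 Phase 1 message, or None for anything else."""
    if dst_port == 4500:
        if payload[:4] != b"\x00" * 4:  # no non-ESP marker: ESP-in-UDP, not IKE
            return None
        payload = payload[4:]
    if len(payload) < ISAKMP_HDR.size:
        return None
    _ic, rcookie, _np, version, exch, _fl, _mid, length = ISAKMP_HDR.unpack_from(payload)
    if version >> 4 != 1 or exch not in PHASE1 or rcookie != b"\x00" * 8:
        return None  # IKEv2, other exchange, or not the initiator's first message
    return {"exchange": PHASE1[exch], "length_mismatch": length != len(payload)}

def triage(datagrams, trusted_nets, burst_threshold=3):
    """datagrams: (src_ip, dst_port, udp_payload) tuples; returns {src: [reasons]}."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    counts, alerts = Counter(), {}
    for src, port, payload in datagrams:
        hdr = parse_ikev1_phase1(payload, port)
        if hdr is None:
            continue
        counts[src] += 1
        reasons = alerts.setdefault(src, set())
        if not any(ipaddress.ip_address(src) in n for n in nets):
            reasons.add("untrusted-source")
        if hdr["length_mismatch"]:
            reasons.add("length-mismatch")
        if counts[src] >= burst_threshold:
            reasons.add("burst")
    return {s: sorted(r) for s, r in alerts.items() if r}

def _sample(version=0x10, exch=2, declared=28):
    """Constructed datagram: bare ISAKMP header, no payloads."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exch, 0, 0, declared)

# Constructed sample traffic (documentation addresses, assumed trusted net 10.0.0.0/24)
SAMPLE = [("10.0.0.5", 500, _sample())] + [("203.0.113.9", 500, _sample())] * 3 + [
    ("10.0.0.7", 500, _sample(declared=200)),               # header length != datagram
    ("203.0.113.20", 500, _sample(version=0x20, exch=34)),  # IKEv2, ignored
    ("10.0.0.8", 4500, b"\x00" * 4 + _sample()),            # NAT-T with non-ESP marker
]
print(triage(SAMPLE, ["10.0.0.0/24"]))
```

The burst count here is per batch of datagrams; in production, feed it fixed time windows so the threshold corresponds to a rate.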