Overview
Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes. This may allow a remote, unauthenticated attacker to access the private network.
Description
Easy VPN Server
Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing authentication and encrypted access to network resources. Easy VPN Server was introduced in IOS 12.2(8)T.
Impact
A remote attacker may be able to gain unintended access to the private network on the affected device.
Solution
Apply a patch or upgrade
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | | |
Temporal | | |
Environmental | | |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
- http://secunia.com/advisories/14853
- http://xforce.iss.net/xforce/xfdb/19988
- http://www.securityfocus.com/bid/13031
- http://securitytracker.com/alerts/2005/Apr/1013654.html
- http://www.apps.ietf.org/rfc/rfc2409.html
- http://www.ietf.org/html.charters/ipsec-charter.html
- http://www.apps.ietf.org/rfc/rfc2408.html
Acknowledgements
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).
This document was written by Will Dormann.
Other Information
CVE IDs: CVE-2005-1058
Severity Metric: 2.65
Date Public: 2005-04-06
Date First Published: 2005-06-08
Date Last Updated: 2005-06-08 18:55 UTC
Document Revision: 13