Overview
A vulnerability in Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication and potentially access private network resources.
Description
Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing authentication and encrypted access to network resources. Easy VPN Server was introduced in IOS 12.2(8)T. |
Impact
A remote attacker may be able to gain unintended access to the private network on the affected device. |
Solution
Apply a patch or upgrade |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
- http://secunia.com/advisories/14853
- http://xforce.iss.net/xforce/xfdb/19988
- http://www.securityfocus.com/bid/13031
- http://securitytracker.com/alerts/2005/Apr/1013654.html
- http://www.apps.ietf.org/rfc/rfc2409.html
- http://www.ietf.org/html.charters/ipsec-charter.html
- http://www.apps.ietf.org/rfc/rfc2408.html
Acknowledgements
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2005-1057 |
Severity Metric: | 1.89 |
Date Public: | 2005-04-06 |
Date First Published: | 2005-06-08 |
Date Last Updated: | 2005-06-08 18:53 UTC |
Document Revision: | 20 |