ID CVE-2005-1057
Summary Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
References
Vulnerable Configurations
  • Cisco IOS 12.2T
    cpe:2.3:o:cisco:ios:12.2t
  • Cisco IOS 12.3
    cpe:2.3:o:cisco:ios:12.3
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
CVSS
Base: 7.5 (as of 14-06-2005 - 11:38)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family CISCO
NASL id CISCO-SA-20050406-XAUTH.NASL
description Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server. Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
last seen 2019-02-21
modified 2018-11-15
plugin id 48984
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=48984
title Vulnerabilities in the Internet Key Exchange Xauth Implementation - Cisco Systems
oval via4
accepted 2008-09-08T04:00:54.295-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
family ios
id oval:org.mitre.oval:def:5852
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Systems IOS Easy VPN Server xauth Extension Access Validation Vulnerability
version 4
refmap via4
cisco 20050406 Vulnerabilities in the Internet Key Exchange Xauth Implementation
Last major update 04-03-2009 - 00:32
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:30
Back to Top