ID CVE-2005-3669
Summary Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
References
Vulnerable Configurations
  • Cisco Firewall Services Module
    cpe:2.3:h:cisco:firewall_services_module
  • Cisco Firewall Services Module 1.1.2
    cpe:2.3:h:cisco:firewall_services_module:1.1.2
  • Cisco Firewall Services Module 1.1.3
    cpe:2.3:h:cisco:firewall_services_module:1.1.3
  • Cisco Firewall Services Module 1.1 (3.005)
    cpe:2.3:h:cisco:firewall_services_module:1.1_%283.005%29
  • Cisco Firewall Services Module 2.1 (0.208)
    cpe:2.3:h:cisco:firewall_services_module:2.1_%280.208%29
  • Cisco VPN 3000 Concentrator Series Software 2.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.c
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.d
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f
  • Cisco VPN 3000 Concentrator Series Software 3.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0
  • Cisco VPN 3000 Concentrator Series Software 3.0.3.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a
  • Cisco VPN 3000 Concentrator Series Software 3.0.3.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b
  • Cisco VPN 3000 Concentrator Series Software 3.0.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4
  • Cisco VPN 3000 Concentrator Series Software 3.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1
  • Cisco VPN 3000 Concentrator Series Software 3.1 (Rel)
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1%28rel%29
  • Cisco VPN 3000 Concentrator Series Software 3.1.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1
  • Cisco VPN 3000 Concentrator Series Software 3.1.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2
  • Cisco VPN 3000 Concentrator Series Software 3.1.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4
  • Cisco VPN 3000 Concentrator Series Software 3.5 (Rel)
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5%28rel%29
  • Cisco VPN 3000 Concentrator Series Software 3.5.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1
  • Cisco VPN 3000 Concentrator Series Software 3.5.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2
  • Cisco VPN 3000 Concentrator Series Software 3.5.3
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3
  • Cisco VPN 3000 Concentrator Series Software 3.5.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4
  • Cisco VPN 3000 Concentrator Series Software 3.5.5
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5
  • Cisco VPN 3000 Concentrator Series Software 3.6
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6
  • Cisco VPN 3000 Concentrator Series Software 3.6.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1
  • Cisco VPN 3000 Concentrator Series Software 3.6.7
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7
  • Cisco VPN 3000 Concentrator Series Software 3.6.7d
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d
  • Cisco VPN 3000 Concentrator Series Software 4.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0
  • Cisco VPN 3000 Concentrator Series Software 4.0.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1
  • Cisco VPN 3000 Concentrator Series Software 4.0.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b
  • Cisco VPN 3000 Concentrator Series Software 4.7.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1
  • Cisco VPN 3000 Concentrator Series Software 4.7.1.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f
  • Cisco IOS 12.2SXD
    cpe:2.3:o:cisco:ios:12.2sxd
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
  • Cisco IOS 12TPC
    cpe:2.3:o:cisco:ios:12.3tpc
  • Cisco IOS 12.3XD
    cpe:2.3:o:cisco:ios:12.3xd
  • Cisco IOS 12.3XE
    cpe:2.3:o:cisco:ios:12.3xe
  • Cisco IOS 12.3XF
    cpe:2.3:o:cisco:ios:12.3xf
  • Cisco IOS 12.3XG
    cpe:2.3:o:cisco:ios:12.3xg
  • Cisco IOS 12.3XH
    cpe:2.3:o:cisco:ios:12.3xh
  • Cisco IOS 12.3XI
    cpe:2.3:o:cisco:ios:12.3xi
  • Cisco IOS 12.3XJ
    cpe:2.3:o:cisco:ios:12.3xj
  • Cisco IOS 12.3XK
    cpe:2.3:o:cisco:ios:12.3xk
  • Cisco IOS 12.3XM
    cpe:2.3:o:cisco:ios:12.3xm
  • Cisco IOS 12.3XQ
    cpe:2.3:o:cisco:ios:12.3xq
  • Cisco IOS 12.3XR
    cpe:2.3:o:cisco:ios:12.3xr
  • Cisco IOS 12.3XS
    cpe:2.3:o:cisco:ios:12.3xs
  • Cisco IOS 12.3XU
    cpe:2.3:o:cisco:ios:12.3xu
  • Cisco IOS 12.3XW
    cpe:2.3:o:cisco:ios:12.3xw
  • Cisco IOS 12.3XX
    cpe:2.3:o:cisco:ios:12.3xx
  • Cisco IOS 12.3YA
    cpe:2.3:o:cisco:ios:12.3ya
  • Cisco IOS 12.3YD
    cpe:2.3:o:cisco:ios:12.3yd
  • Cisco IOS 12.3YF
    cpe:2.3:o:cisco:ios:12.3yf
  • Cisco IOS 12.3YG
    cpe:2.3:o:cisco:ios:12.3yg
  • Cisco IOS 12.3YH
    cpe:2.3:o:cisco:ios:12.3yh
  • Cisco IOS 12.3YI
    cpe:2.3:o:cisco:ios:12.3yi
  • Cisco IOS 12.3YJ
    cpe:2.3:o:cisco:ios:12.3yj
  • Cisco IOS 12.3YK
    cpe:2.3:o:cisco:ios:12.3yk
  • Cisco IOS 12.3YM
    cpe:2.3:o:cisco:ios:12.3ym
  • Cisco IOS 12.3YQ
    cpe:2.3:o:cisco:ios:12.3yq
  • Cisco IOS 12.3YS
    cpe:2.3:o:cisco:ios:12.3ys
  • Cisco IOS 12.3YT
    cpe:2.3:o:cisco:ios:12.3yt
  • Cisco IOS 12.3YU
    cpe:2.3:o:cisco:ios:12.3yu
  • Cisco IOS 12.3 YW
    cpe:2.3:o:cisco:ios:12.3yw
  • Cisco IOS 12.3YX
    cpe:2.3:o:cisco:ios:12.3yx
  • Cisco IOS 12.4
    cpe:2.3:o:cisco:ios:12.4
  • Cisco IOS 12.4T
    cpe:2.3:o:cisco:ios:12.4t
  • Cisco IOS 12.4XA
    cpe:2.3:o:cisco:ios:12.4xa
  • Cisco IOS 12.4XB
    cpe:2.3:o:cisco:ios:12.4xb
  • Cisco Adaptive Security Appliance (ASA) Software 7.0
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0
  • cpe:2.3:a:cisco:pix_firewall:6.2.2_.111
    cpe:2.3:a:cisco:pix_firewall:6.2.2_.111
  • cpe:2.3:a:cisco:pix_firewall:6.2.3_%28110%29
    cpe:2.3:a:cisco:pix_firewall:6.2.3_%28110%29
  • cpe:2.3:a:cisco:pix_firewall:6.3.3_%28133%29
    cpe:2.3:a:cisco:pix_firewall:6.3.3_%28133%29
  • Cisco MDS 9000
    cpe:2.3:h:cisco:mds_9000
  • Cisco MDS 9000 SAN-OS 1.3 (3.33)
    cpe:2.3:o:cisco:mds_9000_san-os:1.3%283.33%29
  • Cisco MDS 9000 SAN-OS 1.3 (4a)
    cpe:2.3:o:cisco:mds_9000_san-os:1.3%284a%29
  • Cisco MDS 9000 SAN-OS 2.0 (0.86)
    cpe:2.3:o:cisco:mds_9000_san-os:2.0%280.86%29
  • Cisco PIX Firewall 6.1.5 (104)
    cpe:2.3:o:cisco:pix_firewall:6.1.5%28104%29
  • Cisco PIX Firewall Software 2.7
    cpe:2.3:o:cisco:pix_firewall_software:2.7
  • Cisco PIX Firewall Software 3.0
    cpe:2.3:o:cisco:pix_firewall_software:3.0
  • Cisco PIX Firewall Software 3.1
    cpe:2.3:o:cisco:pix_firewall_software:3.1
  • Cisco PIX Firewall Software 4.0
    cpe:2.3:o:cisco:pix_firewall_software:4.0
  • Cisco PIX Firewall Software 4.1(6)
    cpe:2.3:o:cisco:pix_firewall_software:4.1%286%29
  • Cisco PIX Firewall Software 4.1.6 b
    cpe:2.3:o:cisco:pix_firewall_software:4.1%286b%29
  • Cisco PIX Firewall Software 4.2
    cpe:2.3:o:cisco:pix_firewall_software:4.2
  • Cisco PIX Firewall Software 4.2.1
    cpe:2.3:o:cisco:pix_firewall_software:4.2%281%29
  • Cisco PIX Firewall Software 4.2.2
    cpe:2.3:o:cisco:pix_firewall_software:4.2%282%29
  • Cisco PIX Firewall Software 4.2(5)
    cpe:2.3:o:cisco:pix_firewall_software:4.2%285%29
  • Cisco PIX Firewall Software 4.3
    cpe:2.3:o:cisco:pix_firewall_software:4.3
  • Cisco PIX Firewall Software 4.4
    cpe:2.3:o:cisco:pix_firewall_software:4.4
  • Cisco PIX Firewall Software 4.4(4)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%284%29
  • Cisco PIX Firewall Software 4.4(7.202)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%287.202%29
  • Cisco PIX Firewall Software 4.4(8)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%288%29
  • Cisco PIX Firewall Software 5.0
    cpe:2.3:o:cisco:pix_firewall_software:5.0
  • Cisco PIX Firewall Software 5.1
    cpe:2.3:o:cisco:pix_firewall_software:5.1
  • Cisco PIX Firewall Software 5.1(4)
    cpe:2.3:o:cisco:pix_firewall_software:5.1%284%29
  • Cisco PIX Firewall Software 5.1 (4.206)
    cpe:2.3:o:cisco:pix_firewall_software:5.1%284.206%29
  • Cisco PIX Firewall Software 5.2
    cpe:2.3:o:cisco:pix_firewall_software:5.2
  • Cisco PIX Firewall Software 5.2(1)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%281%29
  • Cisco PIX Firewall Software 5.2 (2)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%282%29
  • Cisco PIX Firewall Software 5.2 (3.210)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%283.210%29
  • Cisco PIX Firewall Software 5.2 (5)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%285%29
  • Cisco PIX Firewall Software 5.2 (6)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%286%29
  • Cisco PIX Firewall Software 5.2(7)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%287%29
  • Cisco PIX Firewall Software 5.2 (9)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%289%29
  • Cisco PIX Firewall Software 5.3
    cpe:2.3:o:cisco:pix_firewall_software:5.3
  • Cisco PIX Firewall Software 5.3(1)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%281%29
  • Cisco PIX Firewall Software 5.3(1.200)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%281.200%29
  • Cisco PIX Firewall Software 5.3(2)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%282%29
  • Cisco PIX Firewall Software 5.3(3)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%283%29
  • Cisco PIX Firewall Software 6.0
    cpe:2.3:o:cisco:pix_firewall_software:6.0
  • Cisco PIX Firewall Software 6.0(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%281%29
  • Cisco PIX Firewall Software 6.0(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%282%29
  • Cisco PIX Firewall Software 6.0(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%283%29
  • Cisco PIX Firewall Software 6.0(4)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%284%29
  • Cisco PIX Firewall Software 6.0(4.101)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%284.101%29
  • Cisco PIX Firewall Software 6.1
    cpe:2.3:o:cisco:pix_firewall_software:6.1
  • Cisco PIX Firewall Software 6.1(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%281%29
  • Cisco PIX Firewall Software 6.1(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%282%29
  • Cisco PIX Firewall Software 6.1(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%283%29
  • Cisco PIX Firewall Software 6.1(4)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%284%29
  • Cisco PIX Firewall Software 6.1(5)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%285%29
  • Cisco PIX Firewall Software 6.2
    cpe:2.3:o:cisco:pix_firewall_software:6.2
  • Cisco PIX Firewall Software 6.2(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%281%29
  • Cisco PIX Firewall Software 6.2(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%282%29
  • Cisco PIX Firewall Software 6.2(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%283%29
  • Cisco PIX Firewall Software 6.2 (3.100)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%283.100%29
  • Cisco PIX Firewall Software 6.3
    cpe:2.3:o:cisco:pix_firewall_software:6.3
  • Cisco PIX Firewall Software 6.3(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%281%29
  • Cisco PIX Firewall Software 6.3(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%282%29
  • Cisco PIX Firewall Software 6.3(3.102)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%283.102%29
  • Cisco PIX Firewall Software 6.3(3.109)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%283.109%29
CVSS
Base: 5.0 (as of 30-11-2005 - 16:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CISCO
    NASL id CSCED94829.NASL
    description The remote host is a CISCO router containing a version of IOS which is vulnerable to a denial of service attack. An attacker may exploit this flaw to crash the remote device by sending a malformed IKE packet to the remote device.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 20807
    published 2006-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20807
    title Cisco IOS IPSec IKE Traffic Remote DoS (CSCed94829)
  • NASL family CISCO
    NASL id CISCO-SA-20051114-IPSEC.NASL
    description Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service. Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48990
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48990
    title Multiple Vulnerabilities Found by PROTOS IPSec Test Suite - Cisco Systems
oval via4
accepted 2008-09-08T04:00:19.252-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
family ios
id oval:org.mitre.oval:def:5226
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Systems Malformed IPSec IKE DoS Vulnerability
version 3
refmap via4
bid 15401
cert-vn VU#226364
cisco 20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite
misc
sectrack
  • 1015198
  • 1015199
  • 1015200
  • 1015201
  • 1015202
secunia 17553
Last major update 04-03-2009 - 00:40
Published 18-11-2005 - 16:03
Last modified 30-10-2018 - 12:26
Back to Top