Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
References
Link | Resource |
---|---|
http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/13992 | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2005/0822 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-06-19 21:00
Updated : 2018-10-30 09:26
NVD link : CVE-2005-2025
Mitre link : CVE-2005-2025
JSON object : View
CWE
Products Affected
cisco
- vpn_3080_concentrator
- vpn_3020_concentrator
- vpn_3060_concentrator
- vpn_3000_concentrator_series_software
- vpn_3000_concentrator
- vpn_3005_concentrator_software
- vpn_3030_concentator
- vpn_3015_concentrator