Details of VAR-E-200504-0253

ID

VAR-E-200504-0253

CVE

cve_id:

CVE-2005-1058

Trust: 0.3

sources: BID: 13033

TITLE

Cisco IOS Unauthorized Security Association Establishment Vulnerability

Trust: 0.3

sources: BID: 13033

DESCRIPTION

Cisco IOS is prone to an issue related to XAUTH and ISAKMP profiles that may allow a malicious VPN client to gain unauthorized access to a VPN.
The vulnerability occurs in a case where attributes in an ISAKMP profile that have been assigned to remote peer are not processed. This will present a window of opportunity for the remote client to initiate Phase 2 IKE negotiation and cause an unauthorized IPSec SA (Security Association) to be established.
It is noted that the vulnerability only affects those ISAKMP profiles that are matched by pre-configured certificate maps.

Trust: 0.3

sources: BID: 13033

AFFECTED PRODUCTS

vendor:	cisco	model:	ios 12.2zj	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2yw	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2xk	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2cx	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 12.2zh	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zg	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zf	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2ze	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zd	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zc	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zb	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yy	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yx	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yv	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yu	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yt	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yr	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yq	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yp	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yn	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2ym	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2yl	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2xj	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2sy	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2cy	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3xx	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3bw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.3
vendor:	cisco	model:	ios 12.2zp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2su	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2cz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2by	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.3

sources: BID: 13033

EXPLOIT

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

Trust: 0.3

sources: BID: 13033

PRICE

Free

Trust: 0.3

sources: BID: 13033

TYPE

Race Condition Error

Trust: 0.3

sources: BID: 13033

CREDITS

This issue was announced by the vendor.

Trust: 0.3

sources: BID: 13033

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1058	Trust: 0.3
db:	BID	id:	13033	Trust: 0.3

sources: BID: 13033

SOURCES

db:

BID

id:

13033

LAST UPDATE DATE

2022-07-27T10:00:06.675000+00:00

SOURCES UPDATE DATE

db:

BID

id:

13033

date:

2009-07-12T11:57:00

SOURCES RELEASE DATE

db:

BID

id:

13033

date:

2005-04-06T00:00:00