ID

VAR-200505-0998

CVE

CVE-2005-1058

TITLE

Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes

DESCRIPTION

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Cisco IOS The remote user IPSec using, CISCO IOS VPN Software that enables secure communication with the gateway Easy VPN Server Has been implemented. Also, IKE (Internet Key Exchange) Expanded XAUTH (eXtended authentication) But VPN Used for authentication with clients. Cisco IOS 12.2/12.3-based Releases Implemented in Easy VPN Server Has several security issues: 1) specific Internet Key Exchange (IKE) XAUTH Message is UDP port 500 Sent to the wrong client XAUTH There is a problem that allows authentication. (BID 13031) However, in order to take advantage of this issue, the attacker IKE Phase 1 You need to know the shared group key to complete the negotiation. 2) specific ISAKMP If the profile attribute is set but not processed properly, VPN Server − There is a problem that a deadlock condition occurs in communication between clients. (BID 13033) The deadlock condition usually clears over time, but during this time the phase 2 When a negotiation is initiated by a malicious client, IPSec SA (Security Association) May be established. still, ISAKMP Only affected by certificate map matching in the profile. A remote attacker who exploits these issues could gain unauthorized access and gain access to network resources.Please refer to the “Overview” for the impact of this vulnerability. The vulnerability occurs in a case where attributes in an ISAKMP profile that have been assigned to remote peer are not processed. Cisco IOS is the Internet operating system used by Cisco network equipment. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco IOS IKE XAUTH Implementation Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA14853 VERIFY ADVISORY: http://secunia.com/advisories/14853/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: See patch matrix in the vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

competitive condition

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco Security bulletin

SOURCES

LAST UPDATE DATE

2023-12-18T12:32:57.155000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE