NASLDB: Vulnerabilities in the Internet Key Exchange Xauth Implementation - Cisco Systems
General
ID: 48984
Name: Vulnerabilities in the Internet Key Exchange Xauth Implementation – Cisco Systems
Summary: Uses SNMP to determine if a flaw is present
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:W/RC:C
Port: –
Family: CISCO
Type: Local
Description
Cisco Internetwork Operating System (IOS) Software release trains
12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain
Internet Key Exchange (IKE) Xauth messages when configured to be an
Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an
unauthorized user to complete authentication and potentially access
network resources.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2005-1057
OSVDB: –
Bugtraq: 13031
scipID: –
Timeline
Vulnerability Disclosure: 2005/04/06
Patch Release: 2005/04/06
Plugin Release: 2010/09/01
Plugin
Version: 1.9
Filename: cisco-sa-20050406-xauth.nasl
Filesize: 18560 bytes
MD5 Hash: c8fcf48c64bd739f223fb3336b01c083
Identification: –
Require Keys: Host/Cisco/IOS/Version
Dependencies: "cisco_ios_version.nasl"
Copyright: This script is© 2010-2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack