published date: June 20, 2005

CVE-2005-2025 : Cisco VPN 3000 Concentrator...

Description

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

Product(s):

Cisco VPN 3000 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3020 Concentrator
Cisco VPN 3000 Concentrator Series Software 4.1.7.l
Cisco VPN 3030 Concentrator
Cisco VPN 3030 Concentator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3000 Concentrator Series Software 2.0
Cisco VPN 3000 Concentrator Series Software 2.5.2.a
Cisco VPN 3000 Concentrator Series Software 2.5.2.b
Cisco VPN 3000 Concentrator Series Software 2.5.2.c
Cisco VPN 3000 Concentrator Series Software 2.5.2.d
Cisco VPN 3000 Concentrator Series Software 2.5.2.f
Cisco VPN 3000 Concentrator Series Software 3.0.3.a
Cisco VPN 3000 Concentrator Series Software 3.0.3.b
Cisco VPN 3000 Concentrator Series Software 3.0.4
Cisco VPN 3000 Concentrator Series Software 3.0
Cisco VPN 3000 Concentrator Series Software 3.1.1
Cisco VPN 3000 Concentrator Series Software 3.1.2
Cisco VPN 3000 Concentrator Series Software 3.1.4
Cisco VPN 3000 Concentrator Series Software 3.1 (Rel)
Cisco VPN 3000 Concentrator Series Software 3.5.1
Cisco VPN 3000 Concentrator Series Software 3.5.2
Cisco VPN 3000 Concentrator Series Software 3.5.3
Cisco VPN 3000 Concentrator Series Software 3.5.4
Cisco VPN 3000 Concentrator Series Software 3.5.5
Cisco VPN 3000 Concentrator Series Software 3.5 (Rel)
Cisco VPN 3000 Concentrator Series Software 3.6.1
Cisco VPN 3000 Concentrator Series Software 3.6.3
Cisco VPN 3000 Concentrator Series Software 3.6.5
Cisco VPN 3000 Concentrator Series Software 3.6.7.a
Cisco VPN 3000 Concentrator Series Software 3.6.7.b
Cisco VPN 3000 Concentrator Series Software 3.6.7.c
Cisco VPN 3000 Concentrator Series Software 3.6.7.d
Cisco VPN 3000 Concentrator Series Software 3.6.7.f
Cisco VPN 3000 Concentrator Series Software 3.6.7
Cisco VPN 3000 Concentrator Series Software 3.6.7d
Cisco VPN 3000 Concentrator Series Software 4.0.1
Cisco VPN 3000 Concentrator Series Software 4.0.5.b
Cisco VPN 3000 Concentrator Series Software 4.0
Cisco VPN 3000 Concentrator Series Software 4.1.5.b
Cisco VPN 3000 Concentrator Series Software 4.1.7.a
Cisco VPN 3000 Concentrator Series Software 4.1.7.b
Cisco VPN 3000 Concentrator Series Software 4.1
Cisco VPN 3005 Concentrator Software 4.0.1

CVSS:5 [Critical]
EPSS:0.91%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-2025, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-2025 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-2025

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales