Vulnerability Description
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nortel | Contivity | 2.1.7 |
References
- http://secunia.com/advisories/12881Vendor Advisory
- http://securitytracker.com/id?1011846
- http://www.osvdb.org/11002
- http://www.securityfocus.com/bid/11495
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&su
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17812
- http://secunia.com/advisories/12881Vendor Advisory
- http://securitytracker.com/id?1011846
- http://www.osvdb.org/11002
- http://www.securityfocus.com/bid/11495
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&su
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17812
FAQ
What is CVE-2004-2621?
CVE-2004-2621 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates ...
How severe is CVE-2004-2621?
CVE-2004-2621 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2621?
Check the references section above for vendor advisories and patch information. Affected products include: Nortel Contivity.