Vulnerability Description
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 3000 Concentrator | All versions |
| Cisco | Vpn 3015 Concentrator | All versions |
| Cisco | Vpn 3020 Concentrator | All versions |
| Cisco | Vpn 3030 Concentator | All versions |
| Cisco | Vpn 3060 Concentrator | All versions |
| Cisco | Vpn 3080 Concentrator | All versions |
| Cisco | Vpn 3000 Concentrator Series Software | 2.0 |
| Cisco | Vpn 3005 Concentrator Software | 4.0.1 |
References
- http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htmExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/13992PatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/0822
- http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htmExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/13992PatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/0822
FAQ
What is CVE-2005-2025?
CVE-2005-2025 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response...
How severe is CVE-2005-2025?
CVE-2005-2025 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2025?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 3000 Concentrator, Cisco Vpn 3015 Concentrator, Cisco Vpn 3020 Concentrator, Cisco Vpn 3030 Concentator, Cisco Vpn 3060 Concentrator.