Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerability
CVE-2005-1802
Published:
2005-05-27
Modified:
2012-02-12
Description:
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Vendor:
Nortel
Product:
Contivity
Version:
4600_secure_ip_services_gateway
4500_secure_ip_services_gateway
4000_vpn_switch
2600_secure_ip_services_gateway
2500_vpn_switch
2000_vpn_switch
1600_secure_ip_services_gateway
1500_vpn_switch
1000_vpn_switch
Product:
Vpn router 1700
Product:
Vpn router 2700
Product:
Vpn router 1010
Product:
Vpn router 600
Product:
Vpn router 1100
Product:
Vpn router 1740
Product:
Vpn router 5000
Product:
Vpn router 1050
CVSS2
=> (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
References:
http://www.securityfocus.com/bid/13792
http://www.securityfocus.com/archive/1/399423
http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/
http://securitytracker.com/id?1014068
Related CVE
CVE-2008-6577
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
CVE-2008-6578
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
CVE-2008-6579
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
CVE-2008-6576
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion ...
CVE-2008-6564
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.
CVE-2008-5871
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.
CVE-2008-5872
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) v...
CVE-2008-4999
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the ori...
closedb(); ?>
Copyright
2019
, cxsecurity.com
Back to Top