CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
76.8%
A vulnerability in Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication and potentially access private network resources.
Easy VPN Server
Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing authentication and encrypted access to network resources. Easy VPN Server was introduced in IOS 12.2(8)T.
IPSec
IPSec is a set of standards developed by the IETF that provides data confidentiality, integrity, and authentication at the IP layer. IPSec is used by applications such as Virtual Private Networks (VPNs).
Internet Key Exchange (IKE)
IKE (RFC2409) is a protocol that negotiates and provides authenticated keying material for security associations (SAs) in a protected manner. IKE is accomplished by using a combination of ISAKMP (RFC2408) and other protocols. ISAKMP provides a framework for internet key management. The IKE negotiation process consists of two phases. Phase 1 establishes an ISAKMP SA. Phase 2 is used to create SAs for other security protocols.
XAUTH
Extended Authentication (XAUTH) is an extension to IKE. It is defined in the expired document draft-ietf-ipsec-isakmp-xauth-06.txt
. XAUTH allows IKE to use existing unidirectional authentication mechanisms after the Phase 1 SA has been established. XAUTH has been rejected by the IETF due to security flaws.
The Problem
When certain packets are sent to a Cisco Easy VPN server on port 500/udp
, XAUTH authentication may be completed. This may allow access to network resources. Because XAUTH authentication takes place after the IKE Phase 1 negotiation, an attacker must know the shared group key to successfully perform this attack.
A remote attacker may be able to gain unintended access to the private network on the affected device.
Apply a patch or upgrade
Please refer to the “Software Versions and Fixes” section of the Cisco Security Advisory for more information on upgrading.
Do not use XAUTH
XAUTH contains several security flaws and has been rejected by the IETF.
Use strong group passwords
Use strong group passwords as described in the “Workarounds” section of the Cisco Security Advisory. This may help prevent a brute-force attack against the key.
344900
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 07, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see the Cisco Security Advisory.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23344900 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).
This document was written by Will Dormann.
CVE IDs: | CVE-2005-1057 |
---|---|
Severity Metric: | 1.89 Date Public: |
secunia.com/advisories/14853
securitytracker.com/alerts/2005/Apr/1013654.html
www.apps.ietf.org/rfc/rfc2408.html
www.apps.ietf.org/rfc/rfc2409.html
www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
www.ietf.org/html.charters/ipsec-charter.html
www.securityfocus.com/bid/13031
xforce.iss.net/xforce/xfdb/19988