Multiple Vulnerabilities Found by PROTOS IPSec Test Suite

2005-11-1411:00:00

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.245

Percentile

96.7%

JSON

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) “PROTOS” Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051114-ipsec [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051114-ipsec”].

Affected configurations

Vulners

Node

ciscopix_firewall_softwareMatchany

ciscovpn_3000_concentrator_series_softwareMatchany

ciscofirewall_services_moduleMatchany

ciscomds_9000_san-osMatchany

ciscoadaptive_security_appliance_softwareMatch7.0

ciscowireless_lan_controllerMatch3.2

ciscowireless_lan_controllerMatch3.1

ciscopix_firewall_softwareMatchany

ciscovpn_clientMatch3000_series_concentrator

ciscofirewall_services_moduleMatchany

ciscomds_9000_san-osMatchany

ciscoadaptive_security_appliance_softwareMatch7.0.1

ciscowireless_lan_controllerMatch3.2.78.0

ciscowireless_lan_controllerMatch3.1.105.0

VendorProductVersionCPE
ciscopix_firewall_softwareanycpe:2.3:o:cisco:pix_firewall_software:any:*:*:*:*:*:*:*
ciscovpn_3000_concentrator_series_softwareanycpe:2.3:o:cisco:vpn_3000_concentrator_series_software:any:*:*:*:*:*:*:*
ciscofirewall_services_moduleanycpe:2.3:h:cisco:firewall_services_module:any:*:*:*:*:*:*:*
ciscomds_9000_san-osanycpe:2.3:o:cisco:mds_9000_san-os:any:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software7.0cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*
ciscowireless_lan_controller3.2cpe:2.3:h:cisco:wireless_lan_controller:3.2:*:*:*:*:*:*:*
ciscowireless_lan_controller3.1cpe:2.3:h:cisco:wireless_lan_controller:3.1:*:*:*:*:*:*:*
ciscovpn_client3000_series_concentratorcpe:2.3:a:cisco:vpn_client:3000_series_concentrator:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software7.0.1cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:*
ciscowireless_lan_controller3.2.78.0cpe:2.3:h:cisco:wireless_lan_controller:3.2.78.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	pix_firewall_software	any	cpe:2.3:o:cisco:pix_firewall_software:any:::::::*
cisco	vpn_3000_concentrator_series_software	any	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:any:::::::*
cisco	firewall_services_module	any	cpe:2.3:h:cisco:firewall_services_module:any:::::::*
cisco	mds_9000_san-os	any	cpe:2.3:o:cisco:mds_9000_san-os:any:::::::*
cisco	adaptive_security_appliance_software	7.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:::::::*
cisco	wireless_lan_controller	3.2	cpe:2.3:h:cisco:wireless_lan_controller:3.2:::::::*
cisco	wireless_lan_controller	3.1	cpe:2.3:h:cisco:wireless_lan_controller:3.1:::::::*
cisco	vpn_client	3000_series_concentrator	cpe:2.3:a:cisco:vpn_client:3000_series_concentrator:::::::*
cisco	adaptive_security_appliance_software	7.0.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:::::::*
cisco	wireless_lan_controller	3.2.78.0	cpe:2.3:h:cisco:wireless_lan_controller:3.2.78.0:::::::*