Lucene search
HistoryAug 05, 2005 - 4:00 a.m.
CVE-2005-2359
aes-xcbc-mac
ipsec
freebsd
remote attackers
spoofing
cve-2005-2359
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.3%
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
Affected configurations
Node
freebsdfreebsdMatch5.3
ORfreebsdfreebsdMatch5.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| freebsd:freebsd | freebsd | eq | 5.3 |
| freebsd:freebsd | freebsd | eq | 5.4 |
Related
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-05:19.ipsec.asc)
2008-09-04 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-05:19.ipsec.asc)
2008-09-04 00:00:00
cvelist
cvelist
CVE-2005-2359
2005-08-01 04:00:00
ubuntucve
ubuntucve
CVE-2005-2359
2005-08-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:19.ipsec
2005-07-27 00:00:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec
2005-07-27 00:00:00
freebsd
freebsd
ipsec -- Incorrect key usage in AES-XCBC-MAC
2005-07-27 00:00:00
nvd
nvd
CVE-2005-2359
2005-08-05 04:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.3%
Related for CVE-2005-2359