Lucene search

K
cveCiscoCVE-2013-3436
HistoryJul 19, 2013 - 2:36 p.m.

CVE-2013-3436

2013-07-1914:36:13
CWE-264
cisco
web.nvd.nist.gov
26
cisco
group encrypted transport vpn
get vpn
cisco ios
nvd
cve-2013-3436
bug id cscui07698

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

75.9%

The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.

Affected configurations

Nvd
Node
ciscoiosMatch-
VendorProductVersionCPE
ciscoios-cpe:/o:cisco:ios:-:::

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

75.9%

Related for CVE-2013-3436