CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS
Percentile: 97.3%
Numerous errors in isakmpd’s input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory:

The ISAKMP packet processing functions in OpenBSD’s isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack against the daemon.

Carefully crafted ISAKMP packets will cause the isakmpd daemon to attempt out-of-bounds reads, exhaust available memory, or loop endlessly (consuming 100% of the CPU).
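
An added illustration (not isakmpd's code and not taken from the Rapid7 advisory): a bounds-checked walk over the payload chain of an unencrypted ISAKMP message, using the header layouts from RFC 2408, showing the kind of length validation that keeps a parser from reading out of bounds or failing to terminate. The function name `isakmp_check_payloads`, the `MAX_PAYLOADS` cap and the sample packets are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN   28   /* fixed ISAKMP header (RFC 2408) */
#define GENERIC_HDR_LEN   4   /* next payload, reserved, 16-bit length */
#define MAX_PAYLOADS     64   /* assumed policy cap, not from the advisory */

/* Hypothetical helper: returns the payload count, or -1 if malformed. */
int isakmp_check_payloads(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN)
        return -1;
    /* Declared length (bytes 24..27, network order) must match what arrived. */
    uint32_t total = ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
                     ((uint32_t)pkt[26] << 8)  |  (uint32_t)pkt[27];
    if (total != len)
        return -1;
    uint8_t next = pkt[16];              /* first payload type, 0 = none */
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;
    while (next != 0) {
        if (count >= MAX_PAYLOADS)       /* bound the work done per packet */
            return -1;
        if (len - off < GENERIC_HDR_LEN) /* generic header must be readable */
            return -1;
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < GENERIC_HDR_LEN || plen > len - off)
            return -1;                   /* must advance and stay in bounds */
        next = pkt[off];                 /* type of the following payload */
        off += plen;
        count++;
    }
    return off == len ? count : -1;      /* reject trailing bytes */
}

int main(void)
{
    /* Constructed sample packets: header plus one 4-byte payload. */
    uint8_t ok[32]  = { [16] = 1, [27] = 32, [31] = 4 };
    uint8_t bad[32] = { [16] = 1, [27] = 32 };  /* payload length field is 0 */
    printf("well-formed: %d\n", isakmp_check_payloads(ok, sizeof ok));
    printf("malformed:   %d\n", isakmp_check_payloads(bad, sizeof bad));
    return 0;
}
```

The walk applies only to cleartext payloads; a message with the encryption flag set has to be decrypted before its chain can be checked this way.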