>> Cisco IOS IKE Xauth Authentication Bypass Vulnerabilities
Title : Cisco IOS IKE Xauth Authentication Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-0321
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : CWE-
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-04-06
Technical Description
Two vulnerabilities were identified in Cisco IOS, which may be exploited by remote attackers to gain unauthorized access to network resources.
- The first flaw resides in the Easy VPN Server XAUTH feature, which fails to properly handle certain malformed packets sent to port 500/udp. This may allow an unauthorized user to complete Xauth authentication and thereby gain access to network resources.
- The second vulnerability occurs when an ISAKMP profile is assigned to a peer but the attributes configured in that profile are not processed. This can leave both the VPN client and the VPN server waiting for the other side to send the next message. Normally this deadlock is broken when idle timers tear down the SA, but a malicious client can propose Phase 2 negotiation during this window, which may allow the IPSec SA to be fully established.
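The two conditions above are visible on the wire even though XAUTH and Phase 2 payloads are encrypted, because the fixed ISAKMP header (cookies, exchange type, message ID, length) is always sent in the clear. The following is an added detection example, not code from VUPEN or Cisco: it parses ISAKMP headers from UDP/500 datagrams, flags malformed headers (the first flaw's trigger class), and flags a client that proposes Quick Mode (Phase 2) while the gateway's XAUTH Transaction exchange is still unanswered or was never seen (the second flaw's sequence). It assumes XAUTH rides on the ISAKMP Transaction exchange (type 6) and Phase 2 on Quick Mode (type 32), as the IKEv1, Mode-Config and XAUTH specifications define; the packet list, IP addresses, cookies and the per-client state machine are constructed for the example and the rule is a heuristic, not a signature from the advisory.

```python
import struct

ISAKMP_HEADER_LEN = 28
IKE_PORT = 500

# ISAKMP exchange types: RFC 2408 sec. 3.1, RFC 2409 sec. 5, Mode-Config/XAUTH drafts.
EXCH_MAIN_MODE = 2
EXCH_AGGRESSIVE = 4
EXCH_INFORMATIONAL = 5
EXCH_TRANSACTION = 6    # Mode-Config; the XAUTH request/reply/set/ack ride on this exchange
EXCH_QUICK_MODE = 32    # Phase 2 (IPsec SA) negotiation


def parse_isakmp_header(data):
    """Return the fixed 28-byte ISAKMP header as a dict, or None if malformed.

    Malformed here means: fewer than 28 bytes received, a length field smaller
    than the header itself, or a length field claiming more bytes than arrived.
    """
    if len(data) < ISAKMP_HEADER_LEN:
        return None
    (icookie, rcookie, next_payload, version, exch_type,
     flags, msg_id, length) = struct.unpack("!8s8sBBBBII", data[:ISAKMP_HEADER_LEN])
    if length < ISAKMP_HEADER_LEN or length > len(data):
        return None
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": next_payload,
            "version": version, "exch_type": exch_type, "flags": flags,
            "msg_id": msg_id, "length": length}


def audit_ike_stream(packets, gateway_ip):
    """Walk UDP/500 datagrams in capture order and return a list of alert strings.

    packets: iterable of (src_ip, dst_ip, dst_port, payload) tuples.
    Heuristic per-client state (an assumption of this example, not of the advisory):
      None       - Phase 1 started, no XAUTH Transaction exchange seen yet
      "pending"  - gateway sent a Transaction message the client has not answered
      "answered" - client sent the latest Transaction message (XAUTH reply/ack)
    Quick Mode from a client in state None or "pending" is reported.
    """
    alerts = []
    xauth_state = {}
    for src, dst, dport, payload in packets:
        if dport != IKE_PORT:
            continue
        hdr = parse_isakmp_header(payload)
        if hdr is None:
            alerts.append(f"{src}: malformed ISAKMP header ({len(payload)} bytes on udp/500)")
            continue
        from_gateway = (src == gateway_ip)
        client = dst if from_gateway else src
        exch = hdr["exch_type"]
        if exch in (EXCH_MAIN_MODE, EXCH_AGGRESSIVE) and not from_gateway:
            xauth_state[client] = None          # new Phase 1: XAUTH has to happen again
        elif exch == EXCH_TRANSACTION:
            xauth_state[client] = "pending" if from_gateway else "answered"
        elif exch == EXCH_QUICK_MODE and not from_gateway:
            state = xauth_state.get(client)
            if state == "pending":
                alerts.append(f"{client}: Quick Mode (Phase 2) proposed while XAUTH exchange still open")
            elif state is None:
                alerts.append(f"{client}: Quick Mode (Phase 2) proposed with no XAUTH exchange observed")
    return alerts


def build_isakmp(exch_type, icookie, rcookie=b"\x00" * 8, msg_id=0, flags=0, body=b""):
    """Constructed test datagram: valid IKEv1 (0x10) ISAKMP header plus an opaque body."""
    length = ISAKMP_HEADER_LEN + len(body)
    return struct.pack("!8s8sBBBBII", icookie, rcookie, 1, 0x10, exch_type, flags, msg_id, length) + body


# Constructed sample traffic (documentation addresses; cookies are arbitrary).
GATEWAY, GOOD, BAD = "198.51.100.1", "203.0.113.10", "203.0.113.66"
IC1, RC1, IC2, RC2 = b"\x01" * 8, b"\xa1" * 8, b"\x02" * 8, b"\xa2" * 8
SAMPLE_PACKETS = [
    # Legitimate client: Main Mode, XAUTH request from gateway, client reply, then Quick Mode.
    (GOOD, GATEWAY, 500, build_isakmp(EXCH_MAIN_MODE, IC1)),
    (GATEWAY, GOOD, 500, build_isakmp(EXCH_MAIN_MODE, IC1, RC1)),
    (GATEWAY, GOOD, 500, build_isakmp(EXCH_TRANSACTION, IC1, RC1, msg_id=0x1111, flags=0x01)),
    (GOOD, GATEWAY, 500, build_isakmp(EXCH_TRANSACTION, IC1, RC1, msg_id=0x1111, flags=0x01)),
    (GOOD, GATEWAY, 500, build_isakmp(EXCH_QUICK_MODE, IC1, RC1, msg_id=0x2222, flags=0x01)),
    # Suspect client: gateway sends the XAUTH request, client jumps straight to Quick Mode.
    (BAD, GATEWAY, 500, build_isakmp(EXCH_MAIN_MODE, IC2)),
    (GATEWAY, BAD, 500, build_isakmp(EXCH_MAIN_MODE, IC2, RC2)),
    (GATEWAY, BAD, 500, build_isakmp(EXCH_TRANSACTION, IC2, RC2, msg_id=0x3333, flags=0x01)),
    (BAD, GATEWAY, 500, build_isakmp(EXCH_QUICK_MODE, IC2, RC2, msg_id=0x4444, flags=0x01)),
    # Same client then sends a truncated header and a header whose length overruns the datagram.
    (BAD, GATEWAY, 500, build_isakmp(EXCH_TRANSACTION, IC2, RC2)[:20]),
    (BAD, GATEWAY, 500, build_isakmp(EXCH_TRANSACTION, IC2, RC2, body=b"\x00" * 16)[:30]),
]


def run_sample():
    return audit_ike_stream(SAMPLE_PACKETS, GATEWAY)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Because only the header is inspected, the audit works on captures of encrypted IKE traffic; the trade-off is that a client that completes XAUTH and then receives an extra Mode-Config Transaction message from the gateway before Quick Mode would be flagged, so treat hits as leads for SA-state review on the gateway rather than as confirmed exploitation.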