| VID |
29124 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco IOS, according to its version number, has multiple authentication bypass vulnerabilities when configured to be an Easy VPN Server (CISCO bug ID CSCeg00277). Cisco IOS contains 'Easy VPN Server' which allows the administrator of the remote router to create a lightweight VPN server. CISCO IOS versions 12.2T, 12.3 and 12.3T are vulnerable to multiple authentication bypass vulnerabilities in the Implementation of Internet Key Exchange(IKE) Xauth when configured to be an Easy VPN Server as follows:
1) When processing an IKE profile that specifies XAUTH authentication after Phase 1 negotiation, Cisco IOS might not process certain attributes in the IKE profile that specifies XAUTH. This vulnerability could permit a remote attackers to bypass XAUTH and move to Phase 2 negotiations.
2) A remote attacker could send specially crafted UDP packets to UDP port 500 to complete XAUTH authentication and to gain unauthorized access to network resources.
* Note: This check solely relied on the version number of the remote system to assess these vulnerabilities, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor. And also, if a Cisco device is not configured for Cisco Easy VPN Server Xauth version 6 authentication, please ignore this alert.
* References:
http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
http://www.ciac.org/ciac/bulletins/p-169.shtml
http://www.kb.cert.org/vuls/id/236748
http://www.kb.cert.org/vuls/id/344900
http://securitytracker.com/alerts/2005/Apr/1013654.html
* Platforms Affected:
Cisco IOS versions 12.2T, 12.3 and 12.3T |
| Recommendation |
Upgrade to the fixed Cisco IOS version, as listed in "Software Versions and Fixes" of Cisco Security Advisory (Vulnerabilities in the Internet Key Exchange Xauth Implementation)
at http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com |
| Related URL |
CVE-2005-1058,CVE-2005-1057 (CVE) |
| Related URL |
13033,13031 (SecurityFocus) |
| Related URL |
19988,19985 (ISS) |
|
