cvelistv5 - cve-2005-4565

CVE-2005-4565 (GCVE-0-2005-4565)

Vulnerability from cvelistv5 – Published: 2005-12-29 11:00 – Updated: 2024-08-07 23:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2005-4565

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-4565

Aliases

CVE-2005-4565

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-4565",
    "description": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.",
    "id": "GSD-2005-4565"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-4565"
      ],
      "details": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.",
      "id": "GSD-2005-4565",
      "modified": "2023-12-13T01:20:09.383225Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-4565",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www2.adtran.com/support/isakmp/",
            "refsource": "CONFIRM",
            "url": "http://www2.adtran.com/support/isakmp/"
          },
          {
            "name": "ADV-2005-3027",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/3027"
          },
          {
            "name": "16028",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16028"
          },
          {
            "name": "18179",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18179"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:3xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:4xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:5xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4565"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www2.adtran.com/support/isakmp/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www2.adtran.com/support/isakmp/"
            },
            {
              "name": "16028",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/16028"
            },
            {
              "name": "18179",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18179"
            },
            {
              "name": "ADV-2005-3027",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/3027"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:28Z",
      "publishedDate": "2005-12-29T11:03Z"
    }
  }
}

VAR-200512-0673

Vulnerability from variot - Updated: 2022-05-29 20:42

Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1. Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed. These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic. ADTRAN OS 10.03.03.E is available to address these issues.

For more information: SA17553

Several other bugs have also been fixed in this update.

The vulnerability is caused due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. This can be exploited to cause a DoS. * Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T * Cisco PIX Firewall versions up to but not including 6.3(5) * Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4 * Cisco Firewall Services Module (FWSM) versions up to but not including 2.3(3) * Cisco VPN 3000 Series Concentrators versions up to but not including 4.1(7)H and 4.7(2)B * Cisco MDS Series SanOS versions up to but not including 2.1(2)

Note: For Cisco IOS, only images that contain the Crypto Feature Set are vulnerable.

SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group (OUSPG) .

For more information: SA17553

The vulnerabilities have been reported in ADTRAN OS-based NetVanta products that has the IPSec VPN functionality (Enhanced Feature Pack software) installed. The fix will also be included in the official release of ADTRAN OS 10.04.00.E.

For more information: SA17553

Successful exploitation reportedly requires that the attacker is able to perform a full IKE negotiation with the affected system and requires authentication. * VPN-1/Firewall-1 NG with AI R54 prior to HFA_417. * VPN-1/Firewall-1 NG with AI R55 prior to HFA_16. * VPN-1/Firewall-1 NG with AI R55W prior to HFA_04. * VPN-1/Firewall-1 NG with AI R55P prior to HFA_06. * VPN-1 Pro NGX R60 prior to HFA_01. * Check Point Express CI R57. * Firewall-1 GX 3.0.

SOLUTION: Install the latest HFA (HotFix Accumulator).

Note: A fix will reportedly not be released for NG FP3. The vendor recommends upgrading to a recent version, and to the most recent HFA of this version.

The vendor reportedly will release hotfixes for Check Point Express CI and Firewall-1 GX 3.0 at a later date.

The vulnerability is related to: SA17553

SOLUTION: Refer to the original advisory from Nortel Networks for instructions how to apply fixes.

The vulnerability is related to: SA17553

Successful exploitation requires a weak racoon configuration (e.g. no lifetime proposal or obey mode), and using 3DES/SHA1/DH2.

TITLE: Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service

SECUNIA ADVISORY ID: SA17684

VERIFY ADVISORY: http://secunia.com/advisories/17684/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: Symantec Gateway Security 400 Series http://secunia.com/product/6175/ Symantec Gateway Security 300 Series http://secunia.com/product/6176/ Symantec Gateway Security 3.x http://secunia.com/product/6177/ Symantec Gateway Security 2.x http://secunia.com/product/3104/ Symantec Gateway Security 1.x http://secunia.com/product/876/ Symantec Firewall/VPN Appliance 100/200/200R http://secunia.com/product/552/

SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/

DESCRIPTION: Symantec has acknowledged a vulnerability in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA17553

Successful exploitation causes a DoS of the dynamic VPN services.

The vulnerability has been reported in the following products. * Symantec Enterprise Firewall version 8.0 (Windows) * Symantec Enterprise Firewall version 8.0 (Solaris) * Symantec Gateway Security 5000 Series version 3.0 * Symantec Gateway Security 5400 version 2.0.1 * Symantec Gateway Security 5310 version 1.0 * Symantec Gateway Security 5200/5300 version 1.0 * Symantec Gateway Security 5100 * Symantec Gateway Security 400 version 2.0 * Symantec Gateway Security 300 version 2.0 * Symantec Firewall /VPN Appliance 200/200R * Symantec Firewall /VPN Appliance 100

SOLUTION: Apply hotfixes.

Symantec Enterprise Firewall version 8.0 (Windows): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html

Symantec Enterprise Firewall version 8.0 (Solaris): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html

Symantec Gateway Security 5000 Series version 3.0: Apply SGS3.0-2005114-02. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html

Symantec Gateway Security 5400 version 2.0.1: Apply SGS2.0.1-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html

Symantec Gateway Security 5310 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html

Symantec Gateway Security 5200/5300 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html

Symantec Gateway Security 5100: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html

Symantec Gateway Security 400 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html

Symantec Gateway Security 300 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html

Symantec Firewall /VPN Appliance 200/200R: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html

Symantec Firewall /VPN Appliance 100: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html

ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html

OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0673",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netvanta",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adtran",
        "version": "4xxx"
      },
      {
        "model": "netvanta",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adtran",
        "version": "3xxx"
      },
      {
        "model": "netvanta",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adtran",
        "version": "5xxx"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openswan linux ipsec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "qnx",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "os",
        "scope": null,
        "trust": 0.3,
        "vendor": "adtran",
        "version": null
      },
      {
        "model": "os 4.00.e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "10.0"
      },
      {
        "model": "os 3.03.e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:3xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:4xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:adtran:netvanta:5xxx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.",
    "sources": [
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-4565",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-4565",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-4565",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#226364",
            "trust": 0.8,
            "value": "16.54"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-602",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1. \nSome of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed. \nThese issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic. \nADTRAN OS 10.03.03.E is available to address these issues. \n\nFor more information:\nSA17553\n\nSeveral other bugs have also been fixed in this update. \r\n\r\nThe vulnerability is caused due to errors in the processing of IKEv1\nPhase 1 protocol exchange messages. This can be exploited to cause a\nDoS. \r\n* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T\r\n* Cisco PIX Firewall versions up to but not including 6.3(5)\r\n* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4\r\n* Cisco Firewall Services Module (FWSM) versions up to but not\nincluding 2.3(3)\r\n* Cisco VPN 3000 Series Concentrators versions up to but not\nincluding 4.1(7)H and 4.7(2)B\r\n* Cisco MDS Series SanOS versions up to but not including 2.1(2)\r\n\r\nNote: For Cisco IOS, only images that contain the Crypto Feature Set\nare vulnerable. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nOulu University Secure Programming Group (OUSPG) . \n\nFor more information:\nSA17553\n\nThe vulnerabilities have been reported in ADTRAN OS-based NetVanta\nproducts that has the IPSec VPN functionality (Enhanced Feature Pack\nsoftware) installed. \nThe fix will also be included in the official release of ADTRAN OS\n10.04.00.E. \n\nFor more information:\nSA17553\n\nSuccessful exploitation reportedly requires that the attacker is able\nto perform a full IKE negotiation with the affected system and\nrequires authentication. \n* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417. \n* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16. \n* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04. \n* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06. \n* VPN-1 Pro NGX R60 prior to HFA_01. \n* Check Point Express CI R57. \n* Firewall-1 GX 3.0. \n\nSOLUTION:\nInstall the latest HFA (HotFix Accumulator). \n\nNote: A fix will reportedly not be released for NG FP3. The vendor\nrecommends upgrading to a recent version, and to the most recent HFA\nof this version. \n\nThe vendor reportedly will release hotfixes for Check Point Express\nCI and Firewall-1 GX 3.0 at a later date. \r\n\r\nThe vulnerability is related to:\r\nSA17553\n\nSOLUTION:\nRefer to the original advisory from Nortel Networks for instructions\nhow to apply fixes. \n\nThe vulnerability is related to:\nSA17553\n\nSuccessful exploitation requires a weak racoon configuration (e.g. no\nlifetime proposal or obey mode), and using 3DES/SHA1/DH2. \n\nTITLE:\nSymantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of\nService\n\nSECUNIA ADVISORY ID:\nSA17684\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17684/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nSymantec Gateway Security 400 Series\nhttp://secunia.com/product/6175/\nSymantec Gateway Security 300 Series\nhttp://secunia.com/product/6176/\nSymantec Gateway Security 3.x\nhttp://secunia.com/product/6177/\nSymantec Gateway Security 2.x\nhttp://secunia.com/product/3104/\nSymantec Gateway Security 1.x\nhttp://secunia.com/product/876/\nSymantec Firewall/VPN Appliance 100/200/200R\nhttp://secunia.com/product/552/\n\nSOFTWARE:\nSymantec Enterprise Firewall (SEF) 8.x\nhttp://secunia.com/product/3587/\n\nDESCRIPTION:\nSymantec has acknowledged a vulnerability in various Symantec\nproducts, which can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\nFor more information:\nSA17553\n\nSuccessful exploitation causes a DoS of the dynamic VPN services. \n\nThe vulnerability has been reported in the following products. \n* Symantec Enterprise Firewall version 8.0 (Windows)\n* Symantec Enterprise Firewall version 8.0 (Solaris)\n* Symantec Gateway Security 5000 Series version 3.0\n* Symantec Gateway Security 5400 version 2.0.1\n* Symantec Gateway Security 5310 version 1.0\n* Symantec Gateway Security 5200/5300 version 1.0\n* Symantec Gateway Security 5100\n* Symantec Gateway Security 400 version 2.0\n* Symantec Gateway Security 300\tversion 2.0\n* Symantec Firewall /VPN Appliance 200/200R\n* Symantec Firewall /VPN Appliance 100\n\nSOLUTION:\nApply hotfixes. \n\nSymantec Enterprise Firewall version 8.0 (Windows):\nApply SEF8.0-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html\n\nSymantec Enterprise Firewall version 8.0 (Solaris):\nApply SEF8.0-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html\n\nSymantec Gateway Security 5000 Series version 3.0:\nApply SGS3.0-2005114-02. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html\n\nSymantec Gateway Security 5400 version 2.0.1:\nApply SGS2.0.1-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html\n\nSymantec Gateway Security 5310 version 1.0:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html\n\nSymantec Gateway Security 5200/5300 version 1.0:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html\n\nSymantec Gateway Security 5100:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html\n\nSymantec Gateway Security 400 version 2.0:\nUpdate to build 1103. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html\n\nSymantec Gateway Security 300 version 2.0:\nUpdate to build 1103. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html\n\nSymantec Firewall /VPN Appliance 200/200R:\nUpdate to build 1.8F. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html\n\nSymantec Firewall /VPN Appliance 100:\nUpdate to build 1.8F. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html\n\nORIGINAL ADVISORY:\nSymantec:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html\n\nOTHER REFERENCES:\nSA17553:\nhttp://secunia.com/advisories/17553/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      },
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "42485"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "16028",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "18179",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-3027",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "17621",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17663",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17838",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17553",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17608",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17684",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17668",
        "trust": 0.9
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2005.0924",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#226364",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "41982",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "42485",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41586",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41739",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41734",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "42485"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "id": "VAR-200512-0673",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1625
  },
  "last_update_date": "2022-05-29T20:42:04.951000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www2.adtran.com/support/isakmp/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/17553/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/18179"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/16028"
      },
      {
        "trust": 1.2,
        "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2005/3027"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17608/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17621/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17684/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17668/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17663/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17838/"
      },
      {
        "trust": 0.8,
        "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp"
      },
      {
        "trust": 0.8,
        "url": "http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.auscert.org.au/5748"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-273756/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/3027"
      },
      {
        "trust": 0.3,
        "url": "http://www.adtran.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5625/"
      },
      {
        "trust": 0.1,
        "url": "http://www.astaro.org/showflat.php?cat=\u0026number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/90/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/50/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/706/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/182/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/56/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5088/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6101/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2273/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3214/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/59/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6599/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6598/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6600/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18179/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/89/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6148/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6010/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6149/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2542/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6124/"
      },
      {
        "trust": 0.1,
        "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=367651\u0026renditionid="
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6125/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2576/"
      },
      {
        "trust": 0.1,
        "url": "https://clientweb.clavister.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.clavister.com/support/support_update_isakmp.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6205/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3352/"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=74601\u0026package_id=74949\u0026release_id=372605"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9017454\u0026forum_id=32000"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=372605\u0026group_id=74601"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3104/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6177/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3587/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6175/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/552/"
      },
      {
        "trust": 0.1,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/876/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "42485"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "42485"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "date": "2005-11-23T00:00:00",
        "db": "BID",
        "id": "16028"
      },
      {
        "date": "2005-12-01T18:48:38",
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "date": "2005-11-15T06:02:23",
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "date": "2005-12-22T07:01:32",
        "db": "PACKETSTORM",
        "id": "42485"
      },
      {
        "date": "2005-11-19T21:56:12",
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "date": "2005-11-19T21:56:12",
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "date": "2005-11-30T04:03:08",
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "date": "2005-11-22T18:19:46",
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "date": "2005-11-22T18:19:46",
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "date": "2005-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "date": "2005-12-29T11:03:00",
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "date": "2005-11-23T00:00:00",
        "db": "BID",
        "id": "16028"
      },
      {
        "date": "2005-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      },
      {
        "date": "2011-03-08T02:28:00",
        "db": "NVD",
        "id": "CVE-2005-4565"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ADTRAN NetVanta Products IKE Traffic Multiple Unspecified Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "16028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-602"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2005-4565

Vulnerability from fkie_nvd - Published: 2005-12-29 11:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/18179	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/16028
cve@mitre.org	http://www.vupen.com/english/advisories/2005/3027
cve@mitre.org	http://www2.adtran.com/support/isakmp/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18179	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16028
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/3027
af854a3a-2127-422b-91ae-364da2661108	http://www2.adtran.com/support/isakmp/	Patch

Impacted products

Vendor	Product	Version
adtran	netvanta	3xxx
adtran	netvanta	4xxx
adtran	netvanta	5xxx

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:adtran:netvanta:3xxx:*:*:*:*:*:*:*",
              "matchCriteriaId": "093D7E4E-6DCC-4BBB-B6B2-2A679E95CC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:adtran:netvanta:4xxx:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEA4735-EC77-4179-86DC-C8BF702CCD08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:adtran:netvanta:5xxx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1B393E-6DC3-4F5F-B24C-8207245C74E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1."
    }
  ],
  "id": "CVE-2005-4565",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-29T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16028"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/3027"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www2.adtran.com/support/isakmp/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/3027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www2.adtran.com/support/isakmp/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V25V-X7CF-RJXX

Vulnerability from github – Published: 2022-05-01 02:28 – Updated: 2025-04-03 04:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-4565"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-29T11:03:00Z",
    "severity": "HIGH"
  },
  "details": "Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.",
  "id": "GHSA-v25v-x7cf-rjxx",
  "modified": "2025-04-03T04:23:02Z",
  "published": "2022-05-01T02:28:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4565"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18179"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16028"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/3027"
    },
    {
      "type": "WEB",
      "url": "http://www2.adtran.com/support/isakmp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-4565 (GCVE-0-2005-4565)

GSD-2005-4565

VAR-200512-0673

FKIE_CVE-2005-4565

GHSA-V25V-X7CF-RJXX

Tags

Sightings

Nomenclature