VAR-200412-0753

Vulnerability from variot - Updated: 2023-12-18 13:16

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

Nortel Contivity VPN Client is reported prone to a certificate check failure. The vulnerability is present because the VPN connection is established before the user permits the connection. This may allow the attacker to launch further attacks against the vulnerable computer. No further technical details are currently available.

Successful exploitation requires that an attacker is able to conduct a man-in-the-middle attack, thereby making the client connect to a malicious gateway.

The vulnerability has been reported in version 4.91. Other versions may also be vulnerable.

SOLUTION: Reportedly, this will be fixed in version 5.1 (expected to be released in the beginning of 2005).

The vendor has not replied to any requests for comments on this issue.

PROVIDED AND/OR DISCOVERED BY: Roger Sylvain from Solucom


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0753",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "contivity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nortel",
        "version": "4.91"
      },
      {
        "model": "contivity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nortel",
        "version": "5.01"
      },
      {
        "model": "contivity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nortel",
        "version": "2.1.7"
      },
      {
        "model": "contivity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nortel",
        "version": "3.00"
      },
      {
        "model": "contivity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nortel",
        "version": "3.01"
      },
      {
        "model": "networks contivity vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "4.91"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:nortel:contivity:4.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nortel:contivity:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nortel:contivity:3.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nortel:contivity:3.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nortel:contivity:2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sylvain Roger\u203b sylvain.roger@solucom.fr",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-2621",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-11049",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-2621",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-252",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-11049",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. Nortel Contivity VPN Client is reported prone to a certificate check failure. The vulnerability is present because the VPN connection is established before the user permits the connection. \nThis may allow the attacker to launch further attacks against the vulnerable computer. Nortel Contivity VPN Client is a VPN client. Remote attackers can exploit this vulnerability to further attack the target system. No detailed vulnerability details are currently available. \n\nSuccessful exploitation requires that an attacker is able to conduct\na man-in-the-middle attack, thereby making the client connect to a\nmalicious gateway. \n\nThe vulnerability has been reported in version 4.91. Other versions\nmay also be vulnerable. \n\nSOLUTION:\nReportedly, this will be fixed in version 5.1 (expected to be\nreleased in the beginning of 2005). \n\nThe vendor has not replied to any requests for comments on this\nissue. \n\nPROVIDED AND/OR DISCOVERED BY:\nRoger Sylvain from Solucom\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "db": "PACKETSTORM",
        "id": "34797"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11495",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "12881",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "11002",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1011846",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "17812",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "7051",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-11049",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "34797",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "PACKETSTORM",
        "id": "34797"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "id": "VAR-200412-0753",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:16:09.135000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6\u0026category=8\u0026subcategory=6\u0026subtype=\u0026documentoid=276620\u0026renditionid=rend159588"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/11495"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/11002"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1011846"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12881"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17812"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/17812"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/7051"
      },
      {
        "trust": 0.3,
        "url": "http://www.nortelnetworks.com/products/01/contivity/multi_os/"
      },
      {
        "trust": 0.1,
        "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6\u0026amp;category=8\u0026amp;subcategory=6\u0026amp;subtype=\u0026amp;documentoid=276620\u0026amp;renditionid=rend159588"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/12881/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2428/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "PACKETSTORM",
        "id": "34797"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "PACKETSTORM",
        "id": "34797"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "date": "2004-10-21T00:00:00",
        "db": "BID",
        "id": "11495"
      },
      {
        "date": "2004-10-27T02:42:07",
        "db": "PACKETSTORM",
        "id": "34797"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "date": "2004-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-11049"
      },
      {
        "date": "2004-10-21T00:00:00",
        "db": "BID",
        "id": "11495"
      },
      {
        "date": "2017-07-20T01:29:02.440000",
        "db": "NVD",
        "id": "CVE-2004-2621"
      },
      {
        "date": "2006-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nortel Contivity VPN Client Gateway Certificate Check Failure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "11495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-252"
      }
    ],
    "trust": 0.9
  }
}

