5

CVE-2005-2025

Exploit

EPSS 0.5%
Published 20.06.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Vpn 3000 Concentrator

Cisco ≫ Vpn 3015 Concentrator

Cisco ≫ Vpn 3020 Concentrator

Cisco ≫ Vpn 3030 Concentator

Cisco ≫ Vpn 3060 Concentrator

Cisco ≫ Vpn 3080 Concentrator

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.c

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.d

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.f

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.5

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.5

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.c

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.d

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.f

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7d

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.b

Cisco ≫ Vpn 3005 Concentrator Software Version4.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.5%	0.649

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm

Patch

Vendor Advisory

Exploit

http://www.securityfocus.com/bid/13992

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2005/0822

https://nvd.nist.gov/vuln/detail/CVE-2005-2025

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2025

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2025

EUVD