CVE-2005-1057 — Improper Authentication in Cisco IOS

CWE-287 — Improper Authentication4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedMay 2

Latest updateMay 1

Description

Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/ios12.2t, 12.3, 12.3t+2

🔴Vulnerability Details

GHSA

GHSA-85g4-355g-r556: Cisco IOS 12↗2022-05-01

▶

📋Vendor Advisories

Cisco

Vulnerabilities in the Internet Key Exchange Xauth Implementation↗2005-04-06

▶

Cisco

Vulnerabilities in the Internet Key Exchange Xauth Implementation↗

▶