CVE-2005-1058 — Improper Authentication in Cisco IOS

CWE-287 — Improper Authentication4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedMay 2

Latest updateMay 1

Description

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/ios12.2t, 12.3, 12.3t+2

🔴Vulnerability Details

GHSA

GHSA-9mj8-267m-m844: Cisco IOS 12↗2022-05-01

▶

📋Vendor Advisories

Cisco

Vulnerabilities in the Internet Key Exchange Xauth Implementation↗2005-04-06

▶

Cisco

Vulnerabilities in the Internet Key Exchange Xauth Implementation↗

▶