CVE-2005-2025

CWE-3214 documents4 sources
Severity
5.0MEDIUM
EPSS
0.5%
top 33.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco VPN 3000 Concentrator Series SoftwareCisco VPN 3005 Concentrator Software
Timeline
PublishedJun 20
Latest updateApr 8

Description

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Patches

Patch: www.nta-monitor.comPatch: www.securityfocus.comPatch: www.nta-monitor.com

🔴Vulnerability Details

2
GHSA
GHSA-m3gf-gx72-56g4: Cisco VPN 3000 Concentrator before 42022-05-01
CVEList
CVE-2005-2025: Cisco VPN 3000 Concentrator before 42005-06-21

📋Vendor Advisories

1
CISA
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability2025-04-08