CVE-2005-3733 — Juniper Junos E vulnerability

CWE-3995 documents4 sources

Severity

7.5HIGHNVD

EPSS

6.5%

top 8.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos E Juniper Junos J Juniper Junos M +6 more

Timeline

PublishedNov 21

Latest updateMay 1

Description

The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶NVDjuniper/junos_e7.0.0

▶NVDjuniper/junose_e7.0.0

▶NVDjuniper/junose_j6.3

▶NVDjuniper/junose_m6.3.0

▶NVDjuniper/junose_t6.3

🔴Vulnerability Details

GHSA

GHSA-cv4j-grvc-2x58: The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6↗2022-05-01

▶

📋Vendor Advisories

Juniper

CVE-2005-3733: The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and↗2005-11-21

▶

Cisco

Multiple Vulnerabilities Found by PROTOS IPSec Test Suite↗2005-11-14

▶

Cisco

Multiple Vulnerabilities Found by PROTOS IPSec Test Suite↗

▶