CVE-2005-3768

CWE-3994 documents4 sources

Severity

7.5HIGH

EPSS

4.0%

top 11.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Enterprise Firewall Symantec Gateway Security 300 Symantec Gateway Security 400 +4 more

Timeline

PublishedNov 23

Latest updateMay 1

Description

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶NVDsymantec/enterprise_firewall8.0

▶NVDsymantec/gateway_security_3002.0

▶NVDsymantec/gateway_security_4002.0

▶NVDsymantec/gateway_security_53001.0

▶NVDsymantec/gateway_security_53101.0

Patches

Patch: secunia.com ↗Patch: securityresponse.symantec.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-382c-gf8c-2jc8: Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gatewa↗2022-05-01

▶

CVEList

CVE-2005-3768: Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gatewa↗2005-11-23

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities Found by PROTOS IPSec Test Suite↗2005-11-14

▶