Vulnerabilities in the Internet Key Exchange Xauth Implementation - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco Internetwork Operating System (IOS) Software release trains
12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain
Internet Key Exchange (IKE) Xauth messages when configured to be an
Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an
unauthorized user to complete authentication and potentially access
network resources.

See also :

http://www.nessus.org/u?d6d9f923
http://www.nessus.org/u?5216373c

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20050406-xauth.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.1
(CVSS2#E:U/RL:W/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48984 (cisco-sa-20050406-xauth.nasl)

Bugtraq ID: 13031
13033

CVE ID: CVE-2005-1057
CVE-2005-1058

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial