Details of VAR-200412-0753

ID

VAR-200412-0753

CVE

CVE-2004-2621

TITLE

Nortel Contivity VPN Client Gateway Certificate Check Failure Vulnerability

Trust: 0.9

sources: BID: 11495 // CNNVD: CNNVD-200412-252

DESCRIPTION

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. Nortel Contivity VPN Client is reported prone to a certificate check failure. The vulnerability is present because the VPN connection is established before the user permits the connection. This may allow the attacker to launch further attacks against the vulnerable computer. Nortel Contivity VPN Client is a VPN client. Remote attackers can exploit this vulnerability to further attack the target system. No detailed vulnerability details are currently available. Successful exploitation requires that an attacker is able to conduct a man-in-the-middle attack, thereby making the client connect to a malicious gateway. The vulnerability has been reported in version 4.91. Other versions may also be vulnerable. SOLUTION: Reportedly, this will be fixed in version 5.1 (expected to be released in the beginning of 2005). The vendor has not replied to any requests for comments on this issue. PROVIDED AND/OR DISCOVERED BY: Roger Sylvain from Solucom ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2004-2621 // BID: 11495 // VULHUB: VHN-11049 // PACKETSTORM: 34797

AFFECTED PRODUCTS

vendor:	nortel	model:	contivity	scope:	eq	version:	3.00	Trust: 1.6
vendor:	nortel	model:	contivity	scope:	eq	version:	5.01	Trust: 1.6
vendor:	nortel	model:	contivity	scope:	eq	version:	3.01	Trust: 1.6
vendor:	nortel	model:	contivity	scope:	eq	version:	4.91	Trust: 1.6
vendor:	nortel	model:	contivity	scope:	eq	version:	2.1.7	Trust: 1.6
vendor:	nortel	model:	networks contivity vpn client	scope:	eq	version:	4.91	Trust: 0.3

sources: BID: 11495 // CNNVD: CNNVD-200412-252 // NVD: CVE-2004-2621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2621
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-252
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11049
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2621
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11049
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11049 // CNNVD: CNNVD-200412-252 // NVD: CVE-2004-2621

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-252

TYPE

Design Error

Trust: 0.9

sources: BID: 11495 // CNNVD: CNNVD-200412-252

EXTERNAL IDS

db:	BID	id:	11495	Trust: 2.0
db:	SECUNIA	id:	12881	Trust: 1.8
db:	OSVDB	id:	11002	Trust: 1.7
db:	SECTRACK	id:	1011846	Trust: 1.7
db:	NVD	id:	CVE-2004-2621	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-252	Trust: 0.7
db:	XF	id:	17812	Trust: 0.6
db:	NSFOCUS	id:	7051	Trust: 0.6
db:	VULHUB	id:	VHN-11049	Trust: 0.1
db:	PACKETSTORM	id:	34797	Trust: 0.1

sources: VULHUB: VHN-11049 // BID: 11495 // PACKETSTORM: 34797 // CNNVD: CNNVD-200412-252 // NVD: CVE-2004-2621

REFERENCES

url:	http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&documentoid=276620&renditionid=rend159588	Trust: 2.2
url:	http://www.securityfocus.com/bid/11495	Trust: 1.7
url:	http://www.osvdb.org/11002	Trust: 1.7
url:	http://securitytracker.com/id?1011846	Trust: 1.7
url:	http://secunia.com/advisories/12881	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17812	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17812	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/7051	Trust: 0.6
url:	http://www.nortelnetworks.com/products/01/contivity/multi_os/	Trust: 0.3
url:	http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&documentoid=276620&renditionid=rend159588	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/12881/	Trust: 0.1
url:	http://secunia.com/product/2428/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-11049 // BID: 11495 // PACKETSTORM: 34797 // CNNVD: CNNVD-200412-252 // NVD: CVE-2004-2621

CREDITS

Sylvain Roger※ sylvain.roger@solucom.fr

Trust: 0.6

sources: CNNVD: CNNVD-200412-252

SOURCES

db:	VULHUB	id:	VHN-11049
db:	BID	id:	11495
db:	PACKETSTORM	id:	34797
db:	CNNVD	id:	CNNVD-200412-252
db:	NVD	id:	CVE-2004-2621

LAST UPDATE DATE

2024-08-14T15:15:06.909000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11049	date:	2017-07-20T00:00:00
db:	BID	id:	11495	date:	2004-10-21T00:00:00
db:	CNNVD	id:	CNNVD-200412-252	date:	2006-08-30T00:00:00
db:	NVD	id:	CVE-2004-2621	date:	2017-07-20T01:29:02.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11049	date:	2004-12-31T00:00:00
db:	BID	id:	11495	date:	2004-10-21T00:00:00
db:	PACKETSTORM	id:	34797	date:	2004-10-27T02:42:07
db:	CNNVD	id:	CNNVD-200412-252	date:	2004-10-21T00:00:00
db:	NVD	id:	CVE-2004-2621	date:	2004-12-31T05:00:00