Sign-up

ID

VAR-200511-0514


TITLE

Nortel Switched Firewall IKE Communication Multiple Security Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2005-4059

DESCRIPTION

Nortel's Switched Firewall is a small, rack-mounted firewall appliance that leverages unique accelerator technology and Check Point FW-1 NG software to protect high-traffic IT data centers, service provider networks, and hosting infrastructure. Multiple Nortel Switched Firewall products have vulnerabilities in handling IPSec IKE messages, which may be exploited by remote attackers to execute arbitrary commands on the host or cause a denial of service. IPSec's PROTOS test component tests the design limitations of IPSec implementation by sending malformed IKE messages to the target device. If a specific malformed message is received, a vulnerable firewall may refuse the service or execute arbitrary code. Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in IKEv1. Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed. These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic

Trust: 0.81

sources: CNVD: CNVD-2005-4059 // BID: 15462

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2005-4059

AFFECTED PRODUCTS

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:6000

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:5100

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:5000

Trust: 0.3

vendor:nortelmodel:networks alteon switched firewallscope:eqversion:5100

Trust: 0.3

sources: CNVD: CNVD-2005-4059 // BID: 15462

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2005-4059
value: HIGH

Trust: 0.6

CNVD: CNVD-2005-4059
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2005-4059

THREAT TYPE

network

Trust: 0.3

sources: BID: 15462

TYPE

Unknown

Trust: 0.3

sources: BID: 15462

PATCH

title:Nortel Switched Firewall IKE communication patch for multiple security vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/43094

Trust: 0.6

sources: CNVD: CNVD-2005-4059

EXTERNAL IDS

db:BIDid:15462

Trust: 0.9

db:CNVDid:CNVD-2005-4059

Trust: 0.6

sources: CNVD: CNVD-2005-4059 // BID: 15462

REFERENCES

url:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail&documentoid=367651&rendi

Trust: 0.6

url:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail&documentoid=367651&renditionid=

Trust: 0.3

url:http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

Trust: 0.3

sources: CNVD: CNVD-2005-4059 // BID: 15462

CREDITS

Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.

Trust: 0.3

sources: BID: 15462

SOURCES

db:CNVDid:CNVD-2005-4059
db:BIDid:15462

LAST UPDATE DATE

2022-05-17T01:42:45.205000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2005-4059date:2014-01-27T00:00:00
db:BIDid:15462date:2005-11-16T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2005-4059date:2005-11-16T00:00:00
db:BIDid:15462date:2005-11-16T00:00:00