ID

VAR-200602-0449


TITLE

Nortel Networks Multiple IPSec Product Remote Denial of Service Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2006-0613

DESCRIPTION

Nortel Networks is the industry's leading provider of communications equipment, offering a wide range of network communications equipment. A remote denial of service vulnerability exists in multiple VPN products from Nortel Networks. This vulnerability is triggered if a special network communication is handled, causing the IPSec software to fail to process ESP traffic, causing a denial of service. The specific content and type of network traffic sufficient to trigger this issue are currently unknown. This issue is reportedly being tracked by Nortel as support case 060110-04843. Nortel IPSec client software version v04_60.51 and newer is reportedly susceptible to this issue. Further reports indicate this issue is exploitable only through an existing IPSec tunnel and only via a valid remote access account. NOTE: Further analysis and reports have indicated that this issue is limited to the VPN Client. Therefore, we have determined that this does not present a security threat. This BID is being retired

Trust: 0.81

sources: CNVD: CNVD-2006-0613 // BID: 16479

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0613

AFFECTED PRODUCTS

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:nortelmodel:networks vpn routerscope:eqversion:6000

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:5000

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:2700

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1740

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1700

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1100

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1050

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1010

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope: - version: -

Trust: 0.3

vendor:nortelmodel:networks contivity vpn client 1 100scope:eqversion:5.0

Trust: 0.3

vendor:nortelmodel:networks contivity vpn client 1 030scope:eqversion:5.0

Trust: 0.3

vendor:nortelmodel:networks contivity vpn clientscope:eqversion:4.91

Trust: 0.3

vendor:nortelmodel:networks contivity vpn clientscope:eqversion:4.86

Trust: 0.3

vendor:nortelmodel:networks contivity vpn clientscope:eqversion:4.60.51

Trust: 0.3

vendor:nortelmodel:networks contivity secure ip services gatewayscope:eqversion:4600

Trust: 0.3

vendor:nortelmodel:networks contivity secure ip services gatewayscope:eqversion:4500

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:4000

Trust: 0.3

vendor:nortelmodel:networks contivity secure ip services gatewayscope:eqversion:2600

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:2500

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:2000

Trust: 0.3

vendor:nortelmodel:networks contivity secure ip services gatewayscope:eqversion:1600

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:1500

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:1000

Trust: 0.3

sources: CNVD: CNVD-2006-0613 // BID: 16479

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2006-0613
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2006-0613
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-0613

THREAT TYPE

network

Trust: 0.3

sources: BID: 16479

TYPE

Unknown

Trust: 0.3

sources: BID: 16479

EXTERNAL IDS

db:BIDid:16479

Trust: 0.9

db:CNVDid:CNVD-2006-0613

Trust: 0.6

sources: CNVD: CNVD-2006-0613 // BID: 16479

REFERENCES

url:http://www.securityfocus.com/bid/16479

Trust: 0.6

url:http://www.nortelnetworks.com/index.html

Trust: 0.3

url:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=secureadvisory

Trust: 0.3

sources: CNVD: CNVD-2006-0613 // BID: 16479

CREDITS

"Hatch, Stephen A" <stephen.a.hatch@boeing.com> reported this issue to the vendor.

Trust: 0.3

sources: BID: 16479

SOURCES

db:CNVDid:CNVD-2006-0613
db:BIDid:16479

LAST UPDATE DATE

2022-05-17T02:02:56.338000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-0613date:2014-01-24T00:00:00
db:BIDid:16479date:2006-02-13T16:33:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-0613date:2006-02-02T00:00:00
db:BIDid:16479date:2006-02-02T00:00:00