Published: 10/05/2005 Updated: 18/10/2016

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote malicious users to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nissc ipsec 1.0

NVD-CWE-Other http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en http://www.kb.cert.org/vuls/id/302220 http://www.securityfocus.com/bid/13562 http://securitytracker.com/id?1015320 http://secunia.com/advisories/17938 http://www.vupen.com/english/advisories/2005/0507 http://www.vupen.com/english/advisories/2005/2806 http://www.securityfocus.com/archive/1/407774 http://marc.info/?l=bugtraq&m=111566201610350&w=2 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/302220

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-0039

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect