Description |
---|
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. Impacted versions: 5.01, 3.01, 3.00, 2.1.7, 4.91 Base Score: 4.0, Severity: MEDIUM, ID: CVE-2004-2621, Last Modified: 2017-07-20T01:29:00Z References Vendor AdvisoryModemly Security Checklist Nortel-CONTIVITY-router-setup |
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. Impacted versions: 5.01 Base Score: 4.6, Severity: MEDIUM, ID: CVE-2005-0844, Last Modified: 2017-07-11T01:32:00Z References Exploit Exploit Exploit ExploitModemly Security Checklist Nortel-CONTIVITY-router-setup |
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. Impacted versions: 4.91 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1105, Last Modified: 2017-07-11T01:30:00Z References Vendor Advisory Third Party Advisory Third Party Advisory US Government Resource Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
The vendor has addressed this issue through a product update that can be found at: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null~Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. Impacted versions: 2000_vpn_switch, 4000_vpn_switch Base Score: 10.0, Severity: HIGH, ID: CVE-2007-2333, Last Modified: 2011-03-08T02:54:00Z References Patch Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.~The vendor has addressed this issue through a product update that can be found at: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null Impacted versions: 1000_vpn_switch Base Score: 10.0, Severity: HIGH, ID: CVE-2007-2333, Last Modified: 2011-03-08T02:54:00Z References Patch Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
The vendor has addressed this issue with the following product update: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null~Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. Impacted versions: 4000_vpn_switch Base Score: 7.5, Severity: HIGH, ID: CVE-2007-2334, Last Modified: 2011-03-08T02:54:00Z References Patch Patch Patch Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.~The vendor has addressed this issue with the following product update: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null Impacted versions: 1000_vpn_switch, 2000_vpn_switch Base Score: 7.5, Severity: HIGH, ID: CVE-2007-2334, Last Modified: 2011-03-08T02:54:00Z References Patch Patch Patch Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. Impacted versions: 1500_vpn_switch, 4600_secure_ip_services_gateway, 2600_secure_ip_services_gateway, 4000_vpn_switch, 2000_vpn_switch, 1600_secure_ip_services_gateway, 2500_vpn_switch, 4500_secure_ip_services_gateway, 1000_vpn_switch Base Score: 5.0, Severity: MEDIUM, ID: CVE-2005-1802, Last Modified: 2008-09-05T20:50:00Z References Patch PatchModemly Security Checklist Nortel-CONTIVITY-router-setup |
USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.