nortel vpn_router_5000 Security Vulnerabilities

4 Vulnerabilities

Description
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.~The vendor has addressed this issue through a product update that can be found at: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null Impacted versions: * Base Score: 10.0, Severity: HIGH, ID: CVE-2007-2333, Last Modified: 2011-03-08T02:54:00Z References Patch Patch Patch
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.~The vendor has addressed this issue with the following product update: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null Impacted versions: * Base Score: 7.5, Severity: HIGH, ID: CVE-2007-2334, Last Modified: 2011-03-08T02:54:00Z References Patch Patch Patch Patch Patch
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. Impacted versions: * Base Score: 9.0, Severity: HIGH, ID: CVE-2007-2332, Last Modified: 2011-03-08T02:54:00Z References Vendor Advisory
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. Impacted versions: * Base Score: 5.0, Severity: MEDIUM, ID: CVE-2005-1802, Last Modified: 2008-09-05T20:50:00Z References Patch Patch

Description

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.~The vendor has addressed this issue through a product update that can be found at: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null

Impacted versions: *

Base Score: 10.0, Severity: HIGH, ID: CVE-2007-2333, Last Modified: 2011-03-08T02:54:00Z

References

Patch Patch Patch

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.~The vendor has addressed this issue with the following product update: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null

Impacted versions: *

Base Score: 7.5, Severity: HIGH, ID: CVE-2007-2334, Last Modified: 2011-03-08T02:54:00Z

References

Patch Patch Patch Patch Patch

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.

Impacted versions: *

Base Score: 9.0, Severity: HIGH, ID: CVE-2007-2332, Last Modified: 2011-03-08T02:54:00Z

References

Vendor Advisory

Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

Impacted versions: *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2005-1802, Last Modified: 2008-09-05T20:50:00Z

References

Patch Patch

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.