Vulnerabilities in the Internet Key Exchange Xauth Implementation

Type cisco
Reporter Cisco
Modified 2005-04-06T16:00:00


Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to [""]

Cisco has made free software available to address this vulnerability for affected customers.