Vulnerabilities in the Internet Key Exchange Xauth Implementation

2005-04-06T16:00:00
ID CISCO-SA-20050406-XAUTH
Type cisco
Reporter Cisco
Modified 2005-04-06T16:00:00

Description

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050406-xauth ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050406-xauth"]

Cisco has made free software available to address this vulnerability for affected customers.