Lucene search

[email protected]CVE-2005-3768

HistoryNov 23, 2005 - 12:03 a.m.

CVE-2005-3768

2005-11-2300:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3768

buffer overflow

ikev1

symantec

dynamic vpn services

enterprise firewall

gateway security

firewall

vulnerability

nvd

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

CPENameOperatorVersion
symantec:enterprise_firewallsymantec enterprise firewalleq8.0
symantec:firewall_vpn_appliance_200symantec firewall vpn appliance 200eq*
symantec:gateway_security_5400symantec gateway security 5400eq2.0.1
symantec:gateway_security_300symantec gateway security 300eq2.0
symantec:gateway_security_5100symantec gateway security 5100eq*
symantec:gateway_security_400symantec gateway security 400eq2.0
symantec:gateway_security_5310symantec gateway security 5310eq1.0
symantec:gateway_security_5000_seriessymantec gateway security 5000 serieseq3.0
symantec:gateway_security_5300symantec gateway security 5300eq1.0
symantec:firewall_vpn_appliance_100symantec firewall vpn appliance 100eq*

CPE	Name	Operator	Version
symantec:enterprise_firewall	symantec enterprise firewall	eq	8.0
symantec:firewall_vpn_appliance_200	symantec firewall vpn appliance 200	eq	*
symantec:gateway_security_5400	symantec gateway security 5400	eq	2.0.1
symantec:gateway_security_300	symantec gateway security 300	eq	2.0
symantec:gateway_security_5100	symantec gateway security 5100	eq	*
symantec:gateway_security_400	symantec gateway security 400	eq	2.0
symantec:gateway_security_5310	symantec gateway security 5310	eq	1.0
symantec:gateway_security_5000_series	symantec gateway security 5000 series	eq	3.0
symantec:gateway_security_5300	symantec gateway security 5300	eq	1.0
symantec:firewall_vpn_appliance_100	symantec firewall vpn appliance 100	eq	*

References

secunia.com/advisories/17684

securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html

securitytracker.com/id?1015247

securitytracker.com/id?1015248

securitytracker.com/id?1015249

www.vupen.com/english/advisories/2005/2517

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2005-3768

cisco1