CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
CVE-2016-8492
CVE-2016-8492 describes an information-disclosure vulnerability in Fortinet FortiGate/FortiOS where the ANSI X9.31 RNG is used in long‑lived security channels (IPSec/TLS), potentially allowing unauthorized read access to data. Connected sources confirm this relates to DUHK-style weaknesses in RNG...
Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration Vulnerability
The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite, which specifies the IKE and Encapsulating Security Payload (ESP) supported algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported...
Information Disclosure
mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols lack birthday-bound validation, which allows a remote attacker to access confidential information in the system...
MS15-120: Security update for IPsec to address denial of service: November 10, 2015
MS15-120: Security update for IPsec to address denial of service: November 10, 2015. Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become unresponsive. To exploit the...
ipsec-tools -- remotely exploitable computational-complexity attack
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...
CentOS 7 : libreswan (CESA-2016:2603)
An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
libreswan security update
CentOS Errata and Security Advisory CESA-2016:2603. An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
DUHK Attack against Fortinet Products
When devices use the ANSI X9.31 RNG (which was removed from the list of FIPS-approved random number generation algorithms in January 2016) to generate cryptographic keys under a static seed, and are used with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...
CVE-2016-6466
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the...
Race condition
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the...
CVE-2016-6466
CVE-2016-6466 affects Cisco ASR 5000/5500 Series routers and Cisco VPC, via the StarOS IPsec component (ipsecmgr). The issue arises from improper processing of IKE messages, allowing an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new ones, causing a DoS ...
Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...
RHEL 7 : libreswan (RHSA-2016:2603)
An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RedHat Update for libreswan RHSA-2016:2603-02
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: libreswan security and bug fix update
An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Memory corruption
A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets...
CVE-2016-8203
A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets...