What is the severity of CVE-2005-2025?

CVE-2005-2025 has a medium severity level due to its ability to disclose valid groupnames to remote attackers.

How do I fix CVE-2005-2025?

To fix CVE-2005-2025, upgrade the Cisco VPN 3000 Concentrator to version 4.1.7 or later.

What are the affected Cisco products for CVE-2005-2025?

The affected products include various models of Cisco VPN 3000 Concentrator series and the Cisco VPN 3005 Concentrator.

Can CVE-2005-2025 be exploited remotely?

Yes, CVE-2005-2025 can be exploited remotely by attackers sending crafted IKE packets.

What impact does CVE-2005-2025 have on Cisco's VPN 3000 devices?

CVE-2005-2025 allows attackers to determine valid groupnames, potentially leading to further attacks.

Vulnerability/
CVE-2005-2025

medium

CWE

NVD-CWE-Other

20/6/2005

21/6/2005

7/8/2024

CVE-2005-2025

First published: Mon Jun 20 2005(Updated: )

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco VPN 3000 concentrator series software
Cisco VPN 3015 Concentrator
Cisco VPN 3020 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3000 concentrator series software	=2.0
Cisco VPN 3000 concentrator series software	=2.5.2.a
Cisco VPN 3000 concentrator series software	=2.5.2.b
Cisco VPN 3000 concentrator series software	=2.5.2.c
Cisco VPN 3000 concentrator series software	=2.5.2.d
Cisco VPN 3000 concentrator series software	=2.5.2.f
Cisco VPN 3000 concentrator series software	=3.0
Cisco VPN 3000 concentrator series software	=3.0.3.a
Cisco VPN 3000 concentrator series software	=3.0.3.b
Cisco VPN 3000 concentrator series software	=3.0.4
Cisco VPN 3000 concentrator series software	=3.1\(rel\)
Cisco VPN 3000 concentrator series software	=3.1.1
Cisco VPN 3000 concentrator series software	=3.1.2
Cisco VPN 3000 concentrator series software	=3.1.4
Cisco VPN 3000 concentrator series software	=3.5\(rel\)
Cisco VPN 3000 concentrator series software	=3.5.1
Cisco VPN 3000 concentrator series software	=3.5.2
Cisco VPN 3000 concentrator series software	=3.5.3
Cisco VPN 3000 concentrator series software	=3.5.4
Cisco VPN 3000 concentrator series software	=3.5.5
Cisco VPN 3000 concentrator series software	=3.6.1
Cisco VPN 3000 concentrator series software	=3.6.3
Cisco VPN 3000 concentrator series software	=3.6.5
Cisco VPN 3000 concentrator series software	=3.6.7
Cisco VPN 3000 concentrator series software	=3.6.7.a
Cisco VPN 3000 concentrator series software	=3.6.7.b
Cisco VPN 3000 concentrator series software	=3.6.7.c
Cisco VPN 3000 concentrator series software	=3.6.7.d
Cisco VPN 3000 concentrator series software	=3.6.7.f
Cisco VPN 3000 concentrator series software	=3.6.7d
Cisco VPN 3000 concentrator series software	=4.0
Cisco VPN 3000 concentrator series software	=4.0.1
Cisco VPN 3000 concentrator series software	=4.0.5.b
Cisco VPN 3000 concentrator series software	=4.1
Cisco VPN 3000 concentrator series software	=4.1.5.b
Cisco VPN 3000 concentrator series software	=4.1.7.a
Cisco VPN 3000 concentrator series software	=4.1.7.b
Cisco VPN 3005 Concentrator	=4.0.1

Remedy

http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm

Remedy

http://www.securityfocus.com/bid/13992

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2025?
CVE-2005-2025 has a medium severity level due to its ability to disclose valid groupnames to remote attackers.
How do I fix CVE-2005-2025?
To fix CVE-2005-2025, upgrade the Cisco VPN 3000 Concentrator to version 4.1.7 or later.
What are the affected Cisco products for CVE-2005-2025?
The affected products include various models of Cisco VPN 3000 Concentrator series and the Cisco VPN 3005 Concentrator.
Can CVE-2005-2025 be exploited remotely?
Yes, CVE-2005-2025 can be exploited remotely by attackers sending crafted IKE packets.
What impact does CVE-2005-2025 have on Cisco's VPN 3000 devices?
CVE-2005-2025 allows attackers to determine valid groupnames, potentially leading to further attacks.

agent/type
agent/remedy
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/references
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/cisco
canonical/cisco vpn 3000 concentrator series software
canonical/cisco vpn 3015 concentrator
canonical/cisco vpn 3020 concentrator
canonical/cisco vpn 3030 concentrator
canonical/cisco vpn 3060 concentrator
canonical/cisco vpn 3080 concentrator
version/cisco vpn 3000 concentrator series software/2.0
version/cisco vpn 3000 concentrator series software/2.5.2.a
version/cisco vpn 3000 concentrator series software/2.5.2.b
version/cisco vpn 3000 concentrator series software/2.5.2.c
version/cisco vpn 3000 concentrator series software/2.5.2.d
version/cisco vpn 3000 concentrator series software/2.5.2.f
version/cisco vpn 3000 concentrator series software/3.0
version/cisco vpn 3000 concentrator series software/3.0.3.a
version/cisco vpn 3000 concentrator series software/3.0.3.b
version/cisco vpn 3000 concentrator series software/3.0.4
version/cisco vpn 3000 concentrator series software/3.1\(rel\)
version/cisco vpn 3000 concentrator series software/3.1.1
version/cisco vpn 3000 concentrator series software/3.1.2
version/cisco vpn 3000 concentrator series software/3.1.4
version/cisco vpn 3000 concentrator series software/3.5\(rel\)
version/cisco vpn 3000 concentrator series software/3.5.1
version/cisco vpn 3000 concentrator series software/3.5.2
version/cisco vpn 3000 concentrator series software/3.5.3
version/cisco vpn 3000 concentrator series software/3.5.4
version/cisco vpn 3000 concentrator series software/3.5.5
version/cisco vpn 3000 concentrator series software/3.6.1
version/cisco vpn 3000 concentrator series software/3.6.3
version/cisco vpn 3000 concentrator series software/3.6.5
version/cisco vpn 3000 concentrator series software/3.6.7
version/cisco vpn 3000 concentrator series software/3.6.7.a
version/cisco vpn 3000 concentrator series software/3.6.7.b
version/cisco vpn 3000 concentrator series software/3.6.7.c
version/cisco vpn 3000 concentrator series software/3.6.7.d
version/cisco vpn 3000 concentrator series software/3.6.7.f
version/cisco vpn 3000 concentrator series software/3.6.7d
version/cisco vpn 3000 concentrator series software/4.0
version/cisco vpn 3000 concentrator series software/4.0.1
version/cisco vpn 3000 concentrator series software/4.0.5.b
version/cisco vpn 3000 concentrator series software/4.1
version/cisco vpn 3000 concentrator series software/4.1.5.b
version/cisco vpn 3000 concentrator series software/4.1.7.a
version/cisco vpn 3000 concentrator series software/4.1.7.b
canonical/cisco vpn 3005 concentrator
version/cisco vpn 3005 concentrator/4.0.1

CVE-2005-2025

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2025?

How do I fix CVE-2005-2025?

What are the affected Cisco products for CVE-2005-2025?

Can CVE-2005-2025 be exploited remotely?

What impact does CVE-2005-2025 have on Cisco's VPN 3000 devices?

Company

Resources

Contact