| Vulnerability Name: | CVE-2005-2359 (CCN-21551) | ||||||||
| Assigned: | 2005-07-27 | ||||||||
| Published: | 2005-07-27 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec Incorrect key usage in AES-XCBC-MAC Source: FREEBSD Type: UNKNOWN FreeBSD-SA-05:19 Source: MITRE Type: CNA CVE-2005-2359 Source: CCN Type: SA16244 FreeBSD IPsec AES-XCBC-MAC Authentication Security Issue Source: SECUNIA Type: Patch, Vendor Advisory 16244 Source: CCN Type: SECTRACK ID: 1014586 FreeBSD Bug in IPSec AES-XCBC-MAC Algorithm May Cause the Incorrect Key to Be Used Source: SECTRACK Type: UNKNOWN 1014586 Source: CCN Type: OSVDB ID: 18297 FreeBSD IPsec AES-XCBC-MAC Persistent Key Use Source: BID Type: UNKNOWN 14394 Source: CCN Type: BID-14394 BSD IPsec Session AES-XCBC-MAC Authentication Constant Key Usage Vulnerability Source: XF Type: UNKNOWN freebsd-aesxcbcmac-security-bypass(21551) Source: XF Type: UNKNOWN freebsd-aesxcbcmac-security-bypass(21551) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||