VAR-200602-0449
Vulnerability from variot - Updated: 2022-05-17 02:02Nortel Networks is the industry's leading provider of communications equipment, offering a wide range of network communications equipment. A remote denial of service vulnerability exists in multiple VPN products from Nortel Networks. This vulnerability is triggered if a special network communication is handled, causing the IPSec software to fail to process ESP traffic, causing a denial of service. The specific content and type of network traffic sufficient to trigger this issue are currently unknown. This issue is reportedly being tracked by Nortel as support case 060110-04843. Nortel IPSec client software version v04_60.51 and newer is reportedly susceptible to this issue. Further reports indicate this issue is exploitable only through an existing IPSec tunnel and only via a valid remote access account. NOTE: Further analysis and reports have indicated that this issue is limited to the VPN Client. Therefore, we have determined that this does not present a security threat. This BID is being retired
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200602-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "6000"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "5000"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2700"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1740"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1700"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1100"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1050"
},
{
"model": "networks vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1010"
},
{
"model": "networks vpn router",
"scope": null,
"trust": 0.3,
"vendor": "nortel",
"version": null
},
{
"model": "networks contivity vpn client 1 100",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "5.0"
},
{
"model": "networks contivity vpn client 1 030",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "5.0"
},
{
"model": "networks contivity vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4.91"
},
{
"model": "networks contivity vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4.86"
},
{
"model": "networks contivity vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4.60.51"
},
{
"model": "networks contivity secure ip services gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4600"
},
{
"model": "networks contivity secure ip services gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4500"
},
{
"model": "networks contivity vpn switch",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "4000"
},
{
"model": "networks contivity secure ip services gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2600"
},
{
"model": "networks contivity vpn switch",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2500"
},
{
"model": "networks contivity vpn switch",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "networks contivity secure ip services gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1600"
},
{
"model": "networks contivity vpn switch",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1500"
},
{
"model": "networks contivity vpn switch",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"db": "BID",
"id": "16479"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\"Hatch, Stephen A\" \u003cstephen.a.hatch@boeing.com\u003e reported this issue to the vendor.",
"sources": [
{
"db": "BID",
"id": "16479"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-0613",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2006-0613",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortel Networks is the industry\u0027s leading provider of communications equipment, offering a wide range of network communications equipment. A remote denial of service vulnerability exists in multiple VPN products from Nortel Networks. This vulnerability is triggered if a special network communication is handled, causing the IPSec software to fail to process ESP traffic, causing a denial of service. The specific content and type of network traffic sufficient to trigger this issue are currently unknown. \nThis issue is reportedly being tracked by Nortel as support case 060110-04843. \nNortel IPSec client software version v04_60.51 and newer is reportedly susceptible to this issue. \nFurther reports indicate this issue is exploitable only through an existing IPSec tunnel and only via a valid remote access account. \nNOTE: Further analysis and reports have indicated that this issue is limited to the VPN Client. Therefore, we have determined that this does not present a security threat. This BID is being retired",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"db": "BID",
"id": "16479"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16479",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2006-0613",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"db": "BID",
"id": "16479"
}
]
},
"id": "VAR-200602-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
}
]
},
"last_update_date": "2022-05-17T02:02:56.338000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/16479"
},
{
"trust": 0.3,
"url": "http://www.nortelnetworks.com/index.html"
},
{
"trust": 0.3,
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=secureadvisory"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"db": "BID",
"id": "16479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"db": "BID",
"id": "16479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"date": "2006-02-02T00:00:00",
"db": "BID",
"id": "16479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0613"
},
{
"date": "2006-02-13T16:33:00",
"db": "BID",
"id": "16479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "16479"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortel Networks Multiple IPSec Product Remote Denial of Service Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0613"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "16479"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…