CVE-2013-3436

Sažetak

The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.

Reference

http://osvdb.org/95460
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436
http://tools.cisco.com/security/center/viewAlert.x?alertId=30140
http://www.securityfocus.com/bid/61362
http://www.securitytracker.com/id/1028810
https://exchange.xforce.ibmcloud.com/vulnerabilities/85868

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-11-2017 - 02:29

Objavljeno

19-07-2013 - 14:36