CVE-2005-2025 - 漏洞详情

CVE-2005-2025 (CNNVD-200506-188)

MEDIUM

中文标题:

Cisco VPN集线器组名称枚举漏洞

英文标题:

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by ...

CVSS分数: 5.0

发布时间: 2005-06-21 04:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco VPN系列集线器由通用的远程访问虚拟专网(VPN)平台和将高可用性、高性能和可扩展性与当今最先进的加密和认证技术结合在一起的客户机软件组成，可以为专业运营商或企业用户提供服务。 Cisco VPN集线器中存在远程组名称枚举漏洞，允许攻击者使用字典程序判断集线器上有效的组名称。一旦确定了有效的组名称，攻击者就可以接着从集线器获得口令哈希值，然后再破解这个值确定组口令。有效的组名称和口令对允许攻击者完成IKE第一阶段认证，对其他用户展开中间人攻击，最终导致非授权访问网络。

英文描述:

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

CWE类型:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
cisco	vpn_3000_concentrator	*	-	-	`cpe:2.3:h:cisco:vpn_3000_concentrator::::::::`
cisco	vpn_3015_concentrator	*	-	-	`cpe:2.3:h:cisco:vpn_3015_concentrator::::::::`
cisco	vpn_3020_concentrator	*	-	-	`cpe:2.3:h:cisco:vpn_3020_concentrator::::::::`
cisco	vpn_3030_concentator	*	-	-	`cpe:2.3:h:cisco:vpn_3030_concentator::::::::`
cisco	vpn_3060_concentrator	*	-	-	`cpe:2.3:h:cisco:vpn_3060_concentrator::::::::`
cisco	vpn_3080_concentrator	*	-	-	`cpe:2.3:h:cisco:vpn_3080_concentrator::::::::`
cisco	vpn_3000_concentrator_series_software	2.0	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:::::::*`
cisco	vpn_3000_concentrator_series_software	2.5.2.a	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:::::::*`
cisco	vpn_3000_concentrator_series_software	2.5.2.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:::::::*`
cisco	vpn_3000_concentrator_series_software	2.5.2.c	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:::::::*`
cisco	vpn_3000_concentrator_series_software	2.5.2.d	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:::::::*`
cisco	vpn_3000_concentrator_series_software	2.5.2.f	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:::::::*`
cisco	vpn_3000_concentrator_series_software	3.0	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:::::::*`
cisco	vpn_3000_concentrator_series_software	3.0.3.a	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:::::::*`
cisco	vpn_3000_concentrator_series_software	3.0.3.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:::::::*`
cisco	vpn_3000_concentrator_series_software	3.0.4	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:::::::*`
cisco	vpn_3000_concentrator_series_software	3.1\(rel\)	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\(rel\):::::::*`
cisco	vpn_3000_concentrator_series_software	3.1.1	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:::::::*`
cisco	vpn_3000_concentrator_series_software	3.1.2	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:::::::*`
cisco	vpn_3000_concentrator_series_software	3.1.4	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:::::::*`
cisco	vpn_3000_concentrator_series_software	3.5\(rel\)	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\(rel\):::::::*`
cisco	vpn_3000_concentrator_series_software	3.5.1	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:::::::*`
cisco	vpn_3000_concentrator_series_software	3.5.2	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:::::::*`
cisco	vpn_3000_concentrator_series_software	3.5.3	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:::::::*`
cisco	vpn_3000_concentrator_series_software	3.5.4	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:::::::*`
cisco	vpn_3000_concentrator_series_software	3.5.5	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.1	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.3	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.5	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7.a	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7.c	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7.d	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7.f	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:::::::*`
cisco	vpn_3000_concentrator_series_software	3.6.7d	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:::::::*`
cisco	vpn_3000_concentrator_series_software	4.0	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:::::::*`
cisco	vpn_3000_concentrator_series_software	4.0.1	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:::::::*`
cisco	vpn_3000_concentrator_series_software	4.0.5.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:::::::*`
cisco	vpn_3000_concentrator_series_software	4.1	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1:::::::*`
cisco	vpn_3000_concentrator_series_software	4.1.5.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:::::::*`
cisco	vpn_3000_concentrator_series_software	4.1.7.a	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:::::::*`
cisco	vpn_3000_concentrator_series_software	4.1.7.b	-	-	`cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:::::::*`
cisco	vpn_3005_concentrator_software	4.0.1	-	-	`cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_MISC
cve.org

访问

13992 vdb-entry
cve.org

访问

ADV-2005-0822 vdb-entry
cve.org

访问

CVSS评分详情

5.0

MEDIUM

CVSS向量: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS版本: 2.0

机密性

PARTIAL

完整性

NONE

可用性

NONE

时间信息

发布时间:

2005-06-21 04:00:00

修改时间:

2024-08-07 22:15:36

创建时间:

2025-11-11 15:32:27

更新时间:

2025-11-11 15:48:59

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2005-2025`	2025-11-11 15:17:34	2025-11-11 07:32:27
NVD	`nvd_CVE-2005-2025`	2025-11-11 14:51:19	2025-11-11 07:41:12
CNNVD	`cnnvd_CNNVD-200506-188`	2025-11-11 15:08:47	2025-11-11 07:48:59

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:48:59

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200506-188; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200506-188
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:12

cvss_score: 未提取 → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:P/I:N/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 44; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 5.0
cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 44
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2005-2025 (CNNVD-200506-188)

中文标题:

Cisco VPN集线器组名称枚举漏洞

英文标题:

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by ...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史