Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2621

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2004-2621
Last Modified 07 Mar 2011 09:19:11
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-2621

Summary

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

Vulnerable Systems


References

XF - nortel-contivity-gain-access(17812)

CONFIRM - http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&DocumentOID=276620&RenditionID=REND159588

BID - 11495

OSVDB - 11002

SECTRACK - 1011846

SECUNIA - 12881


Last Updated: 27 May 2016 10:39:33