CVE-2005-2640

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=112438068426034&w=2
http://secunia.com/advisories/16474/	Vendor Advisory
http://securitytracker.com/id?1014728
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm	Exploit Vendor Advisory
http://www.securityfocus.com/bid/14595	Exploit
http://marc.info/?l=bugtraq&m=112438068426034&w=2
http://secunia.com/advisories/16474/	Vendor Advisory
http://securitytracker.com/id?1014728
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm	Exploit Vendor Advisory
http://www.securityfocus.com/bid/14595	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:::::::*
	cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:::::::*
	cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:::::::*
	cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:::::::*
	cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:netscreen_screenos:1.7:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:1.64:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:1.66:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:1.66_r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:1.73_r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:1.73_r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.0.1_r8:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.1_r6:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.1_r7:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.5:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.5r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.5r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.5r6:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.0:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r4:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r5:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r6:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r7:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r8:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r9:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r10:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r11:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.6.1r12:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.7.1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.7.1r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.7.1r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.7.1r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.8:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.8_r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.10_r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:2.10_r4:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.0:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.0r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.0r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.0r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.0r4:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r4:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r5:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r6:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.1r7:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3_r1.1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r3:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r4:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r5:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r6:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r7:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.0.3r8:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.1.0:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.1.0r1:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.1.0r2:::::::*
	cpe:2.3:o:juniper:netscreen_screenos:3.1.0r3:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r4:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r5:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r6:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r7:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r8:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r9:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r10:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r11:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r12:::::::*
cpe:2.3:o:juniper:netscreen_screenos:3.1.1_r2:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0::dial:::::
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r1:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r2:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r3:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r4:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r5:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r6:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r7:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r8:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r9:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r10:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r11:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r12:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r1:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r2:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r3:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r4:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r5:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r6:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r7:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r8:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r9:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r10:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.2:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.3:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r1:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r2:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r3:::::::*
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r4:::::::*
cpe:2.3:o:juniper:netscreen_screenos:5.0.0:::::::*
cpe:2.3:o:juniper:netscreen_screenos:5.1.0:::::::*
cpe:2.3:o:juniper:netscreen_screenos:5.1.0r3a:::::::*
cpe:2.3:o:juniper:netscreen_screenos:5.2.0:::::::*
cpe:2.3:o:netscreen:ns-10::::::::
cpe:2.3:o:netscreen:ns-100:3.0_.pe1.0:::::::*
cpe:2.3:o:netscreen:ns-204:5.0.0_r6.0:::::::*
cpe:2.3:o:netscreen:ns-204:0110.0_11_4.0_r10.0:::::::*
cpe:2.3:o:netscreen:ns-204:0110.0_11_5.1.0_r3a:::::::*
cpe:2.3:o:netscreen:ns-500:4110.0_11_4.0_r10.0:::::::*
cpe:2.3:o:netscreen:ns-500:4110.0_11_5.1.0_r3a:::::::*
cpe:2.3:o:netscreen:ns-50ns25:5.0.0_r6.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:h:juniper:netscreen-5gt:5.0:::::::*
	cpe:2.3:h:juniper:netscreen-idp:3.0:::::::*
	cpe:2.3:h:juniper:netscreen-idp:3.0r1:::::::*
	cpe:2.3:h:juniper:netscreen-idp:3.0r2:::::::*
	cpe:2.3:h:juniper:netscreen-idp_10:3.0.1_r1:::::::*
	cpe:2.3:h:juniper:netscreen-idp_100:3.0.1_r1:::::::*
	cpe:2.3:h:juniper:netscreen-idp_1000:3.0.1_r1:::::::*
	cpe:2.3:h:juniper:netscreen-idp_500:3.0.1_r1:::::::*
	cpe:2.3:h:netscreen:netscreen-sa_5000_series::::::::
	cpe:2.3:h:netscreen:netscreen-sa_5020_series:4.2_r2.2:::::::*
	cpe:2.3:h:netscreen:netscreen-sa_5050_series:4.2_r2.2:::::::*

History

21 Nov 2024, 00:00

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=112438068426034&w=2 -~~	() http://marc.info/?l=bugtraq&m=112438068426034&w=2 -
References	~~() http://secunia.com/advisories/16474/ - Vendor Advisory~~	() http://secunia.com/advisories/16474/ - Vendor Advisory
References	~~() http://securitytracker.com/id?1014728 -~~	() http://securitytracker.com/id?1014728 -
References	~~() http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm - Exploit, Vendor Advisory~~	() http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm - Exploit, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/14595 - Exploit~~	() http://www.securityfocus.com/bid/14595 - Exploit

Information

Published : 2005-08-23 04:00

Updated : 2024-11-21 00:00

NVD link : CVE-2005-2640

Mitre link : CVE-2005-2640

CVE.ORG link : CVE-2005-2640

JSON object : View

Products Affected

netscreen

ns-50ns25
ns-500
netscreen-sa_5020_series
ns-10
ns-100
ns-204
netscreen-sa_5000_series
netscreen-sa_5050_series

juniper

netscreen_screenos
netscreen-idp
netscreen-idp_1000
netscreen-idp_10
netscreen-idp_500
netscreen-idp_100
netscreen-5gt

neoteris

instant_virtual_extranet

CWE

NVD-CWE-Other

5.0 /10