CVE-2013-3436

The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:53

Type Values Removed Values Added
References () http://osvdb.org/95460 - () http://osvdb.org/95460 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436 - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=30140 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=30140 - Vendor Advisory
References () http://www.securityfocus.com/bid/61362 - () http://www.securityfocus.com/bid/61362 -
References () http://www.securitytracker.com/id/1028810 - () http://www.securitytracker.com/id/1028810 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/85868 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/85868 -

Information

Published : 2013-07-19 14:36

Updated : 2024-11-21 01:53


NVD link : CVE-2013-3436

Mitre link : CVE-2013-3436

CVE.ORG link : CVE-2013-3436


JSON object : View

Products Affected

cisco

  • ios
CWE
CWE-264

Permissions, Privileges, and Access Controls