Vulnerability Details CVE-2005-2359
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.6%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
- http://secunia.com/advisories/16244/
- http://securitytracker.com/id?1014586
- http://www.securityfocus.com/bid/14394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21551
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
- http://secunia.com/advisories/16244/
- http://securitytracker.com/id?1014586
- http://www.securityfocus.com/bid/14394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21551