Vulnerability Details CVE-2005-2640
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 90.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=112438068426034&w=2
- http://secunia.com/advisories/16474/
- http://securitytracker.com/id?1014728
- http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm
- http://www.securityfocus.com/bid/14595
- http://marc.info/?l=bugtraq&m=112438068426034&w=2
- http://secunia.com/advisories/16474/
- http://securitytracker.com/id?1014728
- http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm
- http://www.securityfocus.com/bid/14595
Products affected by CVE-2005-2640
-
cpe:2.3:a:neoteris:instant_virtual_extranet:3.0
-
cpe:2.3:a:neoteris:instant_virtual_extranet:3.1
-
cpe:2.3:a:neoteris:instant_virtual_extranet:3.2
-
cpe:2.3:a:neoteris:instant_virtual_extranet:3.3
-
cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1
-
cpe:2.3:h:juniper:netscreen-5gt:5.0
-
cpe:2.3:h:juniper:netscreen-idp:3.0
-
cpe:2.3:h:juniper:netscreen-idp:3.0r1
-
cpe:2.3:h:juniper:netscreen-idp:3.0r2
-
cpe:2.3:h:juniper:netscreen-idp_1000:3.0.1_r1
-
cpe:2.3:h:juniper:netscreen-idp_100:3.0.1_r1
-
cpe:2.3:h:juniper:netscreen-idp_10:3.0.1_r1
-
cpe:2.3:h:juniper:netscreen-idp_500:3.0.1_r1
-
cpe:2.3:h:netscreen:netscreen-sa_5000_series:*
-
cpe:2.3:h:netscreen:netscreen-sa_5020_series:4.2_r2.2
-
cpe:2.3:h:netscreen:netscreen-sa_5050_series:4.2_r2.2
-
cpe:2.3:o:juniper:netscreen_screenos:1.64
-
cpe:2.3:o:juniper:netscreen_screenos:1.66
-
cpe:2.3:o:juniper:netscreen_screenos:1.66_r2
-
cpe:2.3:o:juniper:netscreen_screenos:1.7
-
cpe:2.3:o:juniper:netscreen_screenos:1.73_r1
-
cpe:2.3:o:juniper:netscreen_screenos:1.73_r2
-
cpe:2.3:o:juniper:netscreen_screenos:2.0.1_r8
-
cpe:2.3:o:juniper:netscreen_screenos:2.1
-
cpe:2.3:o:juniper:netscreen_screenos:2.10_r3
-
cpe:2.3:o:juniper:netscreen_screenos:2.10_r4
-
cpe:2.3:o:juniper:netscreen_screenos:2.1_r6
-
cpe:2.3:o:juniper:netscreen_screenos:2.1_r7
-
cpe:2.3:o:juniper:netscreen_screenos:2.5
-
cpe:2.3:o:juniper:netscreen_screenos:2.5r1
-
cpe:2.3:o:juniper:netscreen_screenos:2.5r2
-
cpe:2.3:o:juniper:netscreen_screenos:2.5r6
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.0
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r1
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r10
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r11
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r12
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r2
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r3
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r4
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r5
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r6
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r7
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r8
-
cpe:2.3:o:juniper:netscreen_screenos:2.6.1r9
-
cpe:2.3:o:juniper:netscreen_screenos:2.7.1
-
cpe:2.3:o:juniper:netscreen_screenos:2.7.1r1
-
cpe:2.3:o:juniper:netscreen_screenos:2.7.1r2
-
cpe:2.3:o:juniper:netscreen_screenos:2.7.1r3
-
cpe:2.3:o:juniper:netscreen_screenos:2.8
-
cpe:2.3:o:juniper:netscreen_screenos:2.8_r1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.0
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.0r1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.0r2
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.0r3
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.0r4
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r2
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r3
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r4
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r5
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r6
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.1r7
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.2
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3_r1.1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r1
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r2
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r3
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r4
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r5
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r6
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r7
-
cpe:2.3:o:juniper:netscreen_screenos:3.0.3r8
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r1
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r10
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r11
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r12
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r2
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r3
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r4
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r5
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r6
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r7
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r8
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.0r9
-
cpe:2.3:o:juniper:netscreen_screenos:3.1.1_r2
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r1
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r10
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r11
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r12
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r2
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r3
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r4
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r5
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r6
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r7
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r8
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.0r9
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r1
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r10
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r2
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r3
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r4
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r5
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r6
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r7
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r8
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.1r9
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.2
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.3
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r1
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r2
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r3
-
cpe:2.3:o:juniper:netscreen_screenos:4.0.3r4
-
cpe:2.3:o:juniper:netscreen_screenos:5.0.0
-
cpe:2.3:o:juniper:netscreen_screenos:5.1.0
-
cpe:2.3:o:juniper:netscreen_screenos:5.1.0r3a
-
cpe:2.3:o:juniper:netscreen_screenos:5.2.0
-
cpe:2.3:o:netscreen:ns-100:3.0_.pe1.0
-
cpe:2.3:o:netscreen:ns-10:*
-
cpe:2.3:o:netscreen:ns-204:0110.0_11_4.0_r10.0
-
cpe:2.3:o:netscreen:ns-204:0110.0_11_5.1.0_r3a
-
cpe:2.3:o:netscreen:ns-204:5.0.0_r6.0
-
cpe:2.3:o:netscreen:ns-500:4110.0_11_4.0_r10.0
-
cpe:2.3:o:netscreen:ns-500:4110.0_11_5.1.0_r3a
-
cpe:2.3:o:netscreen:ns-50ns25:5.0.0_r6.0