Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco VPN集线器组名称枚举漏洞
Vulnerability Description
Cisco VPN系列集线器由通用的远程访问虚拟专网(VPN)平台和将高可用性、高性能和可扩展性与当今最先进的加密和认证技术结合在一起的客户机软件组成,可以为专业运营商或企业用户提供服务。 Cisco VPN集线器中存在远程组名称枚举漏洞,允许攻击者使用字典程序判断集线器上有效的组名称。一旦确定了有效的组名称,攻击者就可以接着从集线器获得口令哈希值,然后再破解这个值确定组口令。 有效的组名称和口令对允许攻击者完成IKE第一阶段认证,对其他用户展开中间人攻击,最终导致非授权访问网络。
CVSS Information
N/A
Vulnerability Type
N/A