### Vulnerability ID - NISCC-273756 ### Vulnerability Description - Multiple vulnerabilities exist in the implementation of the ISAKMP/IKEv1 protocol, used for managing encryption methods in IPsec communication. These issues were identified during testing of IKEv1 Phase 1 using the PROTOS testing tool developed by the University of Oulu. ### Affected Systems - Products implementing ISAKMP/IKEv1 (see vendor information for details) ### Potential Impact - Depending on the product, impacts may include DoS attacks or arbitrary code execution. ### Mitigation - It is recommended to avoid using aggressive mode in IKEv1 Phase 1 communication and to configure packet filters to reduce the impact of these vulnerabilities. ### Vendor Information | Vendor | Status | Last Update Date | Vendor Notification Page | |-------------------------|------------------------------|------------------|-------------------------------| | ArbideTelelisis Corp. | Affected products exist | 2006/03/10 | [Notification Page](#) | | InternetInitiatives Co. | Affected products exist (under investigation) | 2005/12/15 | - | | SysSystem Company | Affected products exist | 2005/11/22 | - | | Sintéli Systems | Affected products exist | 2005/11/15 | [Notification Page](#) | | Texmat Conclusion | No affected products (under investigation) | 2005/11/30 | - | | BackPaoreo Software Co. | No affected products | 2005/11/14 | - | | MaServe | Affected products exist | 2005/11/14 | [Notification Page](#) | | KOSON Corporation | Affected products exist | 2005/11/14 | - | | Fujitsu Co. | Affected products exist | 2015/10/19 | - | | Japan Computer | Affected products exist (under investigation) | 2005/12/27 | - | | Nisic | No affected products | 2005/12/24 | - | | MATTA Co. | Affected products exist (under investigation) | 2005/11/14 | - | ### References 1. [@police](#) Vulnerabilities in machines implementing ISAKMP (11/18) 2. [US-CERT Vulnerability Note VU#226364](#) Multiple vulnerabilities in Internet Key Exchange version 1 implementations ### Additional Information - JPCERT/CC provides supplementary information based on vulnerability analysis results. ### Vendor Status Update History - Includes detailed update dates and content (e.g., specific vendor status updates)