Roy Hills

**Name of the Vulnerable Software and Affected Versions** Cisco IOS versions (affected versions not specified) VPN 3000 Concentrators versions (affected versions not specified) PIX firewalls versions (affected versions not specified) **Description** The issue concerns the Internet Key Exchange (IKE) version 1 protocol, which is used for key exchange in IPSec, commonly utilized to encrypt data for VPN connections. A design weakness in the IKE version 1 protocol allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. This could potentially affect multiple products and implementations beyond Cisco's. **Recommendations** For Cisco IOS, consider implementing rate limiting on IKE Phase-1 packets to minimize the risk of resource exhaustion. For VPN 3000 Concentrators, restrict access to IKE Phase-1 packets until a more robust solution is available. For PIX firewalls, as a temporary workaround, consider disabling IKE version 1 protocol support until a patch or update is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juniper Netscreen VPN version 5.2.0 and earlier **Description** A behavioral discrepancy information leak occurs when using IKE with pre-shared key authentication, allowing remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet. This packet generates a response if the username is valid but does not respond when the username is invalid. **Recommendations** For Juniper Netscreen VPN version 5.2.0 and earlier, consider disabling IKE Aggressive Mode as a temporary workaround until a patch is available. Restrict access to the VPN to minimize the risk of exploitation. Avoid using pre-shared key authentication in IKE until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nortel VPN client version 5.01 **Description** The issue allows local users to obtain sensitive information because the cleartext password is stored in the memory of the Extranet.exe process. **Recommendations** For Nortel VPN client version 5.01, consider restricting access to the Extranet.exe process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SafeNet SoftRemote VPN Client (affected versions not specified) **Description** The issue concerns the storage of sensitive information in memory. Specifically, the VPN password, also known as the pre-shared key, is stored in cleartext in the memory of the IreIKE.exe process. This allows local users who have access to that process to obtain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.