PT-2004-3511 · Nortel · Nortel Contivity Vpn Client

Published: 2004-12-31 · Updated: 2017-07-20 · CVE-2004-2621

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Nortel Contivity VPN Client versions 2.1.7, 3.00, 3.01, 4.91, and 5.01

Description

The issue allows remote attackers to perform a man-in-the-middle (MITM) attack due to a race condition. This occurs when the VPN client does not check the gateway certificate until after a dialog box has been displayed to the user, while opening a VPN tunnel.

Recommendations

For versions 2.1.7, 3.00, 3.01, 4.91, and 5.01, consider disabling the automatic establishment of VPN tunnels until a patch is available, to minimize the risk of exploitation. Restrict access to sensitive resources when using the affected VPN client versions, to reduce the potential impact of a man-in-the-middle attack.

Fix


Related identifiers

CVE-2004-2621

Affected products

Nortel Contivity Vpn Client