CVE-2005-4564

Name of the Vulnerable Software and Affected Versions ADTRAN NetVanta versions prior to 10.03.03.E Multiple Cisco products (affected versions not specified)

Description The issue is related to the Internet Key Exchange version 1 (IKEv1) implementation, which might allow remote attackers to cause a denial of service via crafted IKE packets. This was demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The vulnerability can be repeatedly exploited to produce a denial of service.

Recommendations For ADTRAN NetVanta versions prior to 10.03.03.E, update to version 10.03.03.E or later. For Multiple Cisco products, Cisco has made free software available to address this vulnerability, so customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment, and then deploy the available software. As a temporary workaround, consider disabling the IKEv1 implementation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Multiple Cisco products.