NVD

Id
39238  
Name
CVE-2013-3436  
Description
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-18  
Published
2013-07-19  
Modified Date
2016-09-16  
Seq
2013-3436  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
200442 39238 CVE-2013-3436 20130718 Cisco IOS GET VPN Encryption Policy Bypass Vulnerability  View
200443 39238 CVE-2013-3436 http://tools.cisco.com/security/center/viewAlert.x?alertId=30140  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
21889 JVNDB-2013-003464 Cisco IOS の GET VPN 機能のデフォルト設定における暗号化ポリシーを回避される脆弱性 Cisco IOS の Group Encrypted Transport VPN (GET VPN) 機能のデフォルト設定は、Group Domain of Interpretation (GDOI) トラフィックフローの有効化において不適切なメカニズムを使用するため、暗号化ポリシーを回避される脆弱性が存在します。 CVE-2013-3436 63378 CVE-2013-3436 39238 5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003464.html 2013-07-19 2013-07-22 View