Vulnslist

find the latest Cisco vulnerabilities

Vulnerabilities in Kerberos 5 Implementation

cisco-sa-20040831-krb5 · NA · Published · Updated

Two vulnerabilities in the Massachusetts Institute of Technology (MIT) Kerberos 5 implementation that affect Cisco VPN 3000 Series Concentrators have been announced by the MIT Kerberos Team. Cisco VPN 3000 Series Concentrators authenticating users against a Kerberos Key Distribution Center (KDC) may be vulnerable to remote code execution and to Denial of Service (DoS) attacks. Cisco has made free software available to address these problems. Cisco VPN 3000 Series Concentrators not authenticating users against a Kerberos Key Distribution Center (KDC) are not impacted. No exploitations of these vulnerabilities have been reported. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040831-krb5.

Cisco advisory ·CSAF JSON

Workarounds

No workaround information imported yet.

CVEsCVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772
Cisco Bug IDsNA
CVSS ScoreBase NA
Product Names From Source
NA, Cisco VPN 3000 Series Concentrator

CSAF Product Statuses

Product Status Source CVE Rows
Cisco VPN 3000 Series Concentrator known_affected cisco_csaf CVE-2004-0642, CVE-2004-0643, CVE-2004-0644 +1 more 4

Related Products

Product CVE Evidence
Cisco VPN 3000 Series Concentrator CVE-2004-0642 Cisco OpenVuln · family-level
Cisco VPN 3000 Series Concentrator CVE-2004-0644 Cisco OpenVuln · family-level
Cisco VPN 3000 Series Concentrator CVE-2004-0772 Cisco OpenVuln · family-level
Cisco VPN 3000 Series Concentrator CVE-2004-0643 Cisco OpenVuln · family-level