Strix
26.1K

CVE-2005-2640

UnknownEPSS 7.09%

Last modified

CVE-2005-2640 is a vulnerability of currently unknown severity. Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.. EPSS estimates a 7.09% chance of exploitation in the next 30 days.

Description

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Metrics

EPSS Probability
7.09%

93.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
NeoterisInstant Virtual Extranet3.0
NeoterisInstant Virtual Extranet3.1
NeoterisInstant Virtual Extranet3.2
NeoterisInstant Virtual Extranet3.3
NeoterisInstant Virtual Extranet3.3.1
JuniperNetscreen Screenos1.7
JuniperNetscreen Screenos1.64
JuniperNetscreen Screenos1.66
JuniperNetscreen Screenos1.66_r2
JuniperNetscreen Screenos1.73_r1
JuniperNetscreen Screenos1.73_r2
JuniperNetscreen Screenos2.0.1_r8
JuniperNetscreen Screenos2.1
JuniperNetscreen Screenos2.1_r6
JuniperNetscreen Screenos2.1_r7
JuniperNetscreen Screenos2.5
JuniperNetscreen Screenos2.5r1
JuniperNetscreen Screenos2.5r2
JuniperNetscreen Screenos2.5r6
JuniperNetscreen Screenos2.6.0
JuniperNetscreen Screenos2.6.1
JuniperNetscreen Screenos2.6.1r1
JuniperNetscreen Screenos2.6.1r2
JuniperNetscreen Screenos2.6.1r3
JuniperNetscreen Screenos2.6.1r4
JuniperNetscreen Screenos2.6.1r5
JuniperNetscreen Screenos2.6.1r6
JuniperNetscreen Screenos2.6.1r7
JuniperNetscreen Screenos2.6.1r8
JuniperNetscreen Screenos2.6.1r9
JuniperNetscreen Screenos2.6.1r10
JuniperNetscreen Screenos2.6.1r11
JuniperNetscreen Screenos2.6.1r12
JuniperNetscreen Screenos2.7.1
JuniperNetscreen Screenos2.7.1r1
JuniperNetscreen Screenos2.7.1r2
JuniperNetscreen Screenos2.7.1r3
JuniperNetscreen Screenos2.8
JuniperNetscreen Screenos2.8_r1
JuniperNetscreen Screenos2.10_r3
JuniperNetscreen Screenos2.10_r4
JuniperNetscreen Screenos3.0.0
JuniperNetscreen Screenos3.0.0r1
JuniperNetscreen Screenos3.0.0r2
JuniperNetscreen Screenos3.0.0r3
JuniperNetscreen Screenos3.0.0r4
JuniperNetscreen Screenos3.0.1
JuniperNetscreen Screenos3.0.1r1
JuniperNetscreen Screenos3.0.1r2
JuniperNetscreen Screenos3.0.1r3

Showing 50 of 132 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2005-2640?
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
How severe is CVE-2005-2640?
Severity scoring for CVE-2005-2640 is pending analysis. The EPSS model estimates a 7.09% probability of exploitation in the next 30 days.
How do I fix CVE-2005-2640?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-2640?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST