CVE-2005-3768

Name: CVE-2005-3768
Creator: NVD / NIST
Published: 2005-11-23T00:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.78%

Last modified Jun 16, 2026

CVE-2005-3768 is a vulnerability of currently unknown severity. Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.. EPSS estimates a 3.78% chance of exploitation in the next 30 days.

Description

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Metrics

EPSS Probability

3.78%

88.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Symantec	Enterprise Firewall	8.0
Symantec	Firewall Vpn Appliance 100	All versions
Symantec	Firewall Vpn Appliance 200	All versions
Symantec	Gateway Security 300	2.0
Symantec	Gateway Security 400	2.0
Symantec	Gateway Security 5000 Series	3.0
Symantec	Gateway Security 5100	All versions
Symantec	Gateway Security 5300	1.0
Symantec	Gateway Security 5310	1.0
Symantec	Gateway Security 5400	2.0.1

References

http://secunia.com/advisories/17684Patch, Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.htmlPatch, Vendor Advisory
http://securitytracker.com/id?1015247Patch
http://securitytracker.com/id?1015248Patch
http://securitytracker.com/id?1015249Patch
http://www.vupen.com/english/advisories/2005/2517
http://secunia.com/advisories/17684Patch, Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.htmlPatch, Vendor Advisory
http://securitytracker.com/id?1015247Patch
http://securitytracker.com/id?1015248Patch
http://securitytracker.com/id?1015249Patch
http://www.vupen.com/english/advisories/2005/2517

Timeline

Published: Nov 23, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-3768?

How severe is CVE-2005-3768?

Severity scoring for CVE-2005-3768 is pending analysis. The EPSS model estimates a 3.78% probability of exploitation in the next 30 days.

How do I fix CVE-2005-3768?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3768?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST