Title: Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities
Severity: CRITICAL
Description:
Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors.
The following unauthorized-access issues exist:
- An unauthorized-access vulnerability may be exploited via two default user accounts that are not visible to the system manager. The user accounts are stored by default in the VPN Router LDAP template for use with various tunnel types (L2TP, IPSEC, PPTP, L2F). These accounts are used by system diagnostics during FIPS mode boot-up. An attacker can exploit this issue to access the underlying private network. Successful exploits of this issue will not compromise the device because these accounts do not have administrative privileges.
- An issue affects the web-based management interface. An attacker can manipulate the URL to access certain administrative pages, bypassing the authentication mechanism. An attacker may exploit this issue to manipulate certain configuration settings and compromise vulnerable devices.
- A weakness exists in the encryption of passwords. The vulnerability occurs because affected routers use a common shared DES encryption key. This issue may allow attackers to decrypt user passwords through brute-force attempts, provided attackers can access the LDAP store.
Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network.
This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity.
Affected Products:
- Nortel Networks Contivity 1000 VPN Switch
- Nortel Networks Contivity 2000 VPN Switch
- Nortel Networks Contivity 4000 VPN Switch
- Nortel Networks VPN Router 1010
- Nortel Networks VPN Router 1050
- Nortel Networks VPN Router 1100
- Nortel Networks VPN Router 1700
- Nortel Networks VPN Router 1740
- Nortel Networks VPN Router 1750
- Nortel Networks VPN Router 2700
- Nortel Networks VPN Router 5000
References:
- Nortel Networks: Contivity Product Information
- Nortel Networks: Nortel Networks Homepage
- Nortel Networks: VPN Router Security Issue - Unauthorized Remote Access
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
