- Description
- Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 4.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nortel:contivity:2.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1F8A65F-C993-4BC4-A189-F6585B42AA61"
},
{
"criteria": "cpe:2.3:h:nortel:contivity:3.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A101AB6E-3D11-41F7-99B6-6E516D28F729"
},
{
"criteria": "cpe:2.3:h:nortel:contivity:3.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1ED7923-FB6C-4788-8831-D5529AC73E98"
},
{
"criteria": "cpe:2.3:h:nortel:contivity:4.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4AB1910-C2B3-4982-AE4D-20342924A010"
},
{
"criteria": "cpe:2.3:h:nortel:contivity:5.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37D59E92-E606-4C59-9D34-B921A00F096A"
}
],
"operator": "OR"
}
]
}
]