CVE-2005-2359

Description

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.

Risk Information

Base Score

5.9

MODERATE

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.364

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234