CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2621
https://notcve.org/view.php?id=CVE-2004-2621
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. • http://secunia.com/advisories/12881 http://securitytracker.com/id?1011846 http://www.osvdb.org/11002 http://www.securityfocus.com/bid/11495 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&DocumentOID=276620&RenditionID=REND159588 https://exchange.xforce.ibmcloud.com/vulnerabilities/17812 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2004-1105
https://notcve.org/view.php?id=CVE-2004-1105
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. Nortel Networks Contivity VPN Client muestra un mensaje de error dependiendo de si el nombre de usuario es válido o no, lo que podría permitir a atacantes remotos obtener información sensible. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0291.html http://www.kb.cert.org/vuls/id/830214 http://www.kb.cert.org/vuls/id/CRDY-626N7F http://www.nii.co.in/vuln/contivity.html http://www.securityfocus.com/bid/11623 https://exchange.xforce.ibmcloud.com/vulnerabilities/17988 •