CVE-2005-2359

N/A Unknown

Published: August 05, 2005 Modified: April 16, 2026

Description

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc

Source: secteam@freebsd.org

http://secunia.com/advisories/16244/

Source: secteam@freebsd.org

Patch Vendor Advisory

http://securitytracker.com/id?1014586

Source: secteam@freebsd.org

http://www.securityfocus.com/bid/14394

Source: secteam@freebsd.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/21551

Source: secteam@freebsd.org

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/16244/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://securitytracker.com/id?1014586

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/14394

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/21551

Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.4%

58th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

freebsd