Nortel Networks on Thursday warned of a trio of serious vulnerabilities in its VPN routers that could enable remote attackers to compromise devices and gain unauthorized network access.
The Nortel VPN Router product line, formerly known as Contivity, includes IPsec and SSL VPN, firewall, bandwidth management, encryption, authentication, and data integrity for secure connectivity.
Nortel VPN Routers 1000, 2000 and 4000 are affected by the flaws, the vendor said in an advisory issued Thursday.
The first vulnerability stems from two default user accounts that are stored in the VPN Router LDAP template and aren't visible to the system manager. These accounts, which are used for tunneling protocols such as L2TP, IPsec, PPTP, and L2F, could give attackers a back door into the underlying network, Nortel said in the advisory.
A second vulnerability in the web-based management interface could enable a miscreant to tweak the URL and gain access to some of the administrative pages without logging in, which would allow them to change configuration settings, Nortel said.
Weak password encryption -- the result of the affected routers using a common shared DES encryption key -- is the cause of a third vulnerability, which could make it easier for hackers to 'brute force' user account passwords, the Toronto-based networking vendor noted in the advisory.
Nortel is recommending that customers protect themselves by upgrading their VPN Routers system software to version 6_05.140.
Symantec, in a bulletin to DeepSight Threat Management System subscribers, gave the vulnerabilities its highest severity rating, 10 on a 10-point scale.
Nortel credited German research firm DeTack GmbH for discovering the vulnerabilities.
