CPNI - Centre for the Protection of National Infrastructure

April 2007

Nortel - VPN Router Security Issue - Unauthorized Remote Access

ID: 119
Ref: 061/2007
Date: 20 April 2007:10:40:54
Version: 1

Title: Nortel - VPN Router Security Issue - Unauthorized Remote Access
Abstract: Advisory that describes three potential security vulnerabilities on Nortel VPN routers.
Vendors affected: Nortel

Three potential security vulnerabilities on Nortel VPN routers have been discovered. This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity.

1. Unauthorized Remote Access - Two default user accounts are stored in the VPN Router for the various tunnel types (L2TP, IPSEC, PPTP, L2F). These user accounts exist in all VPN Router software builds starting with 3_60. These accounts may allow outside access to the private network.

2. Unauthorized VPN Router Administration Access - Some administrative web pages can be accessed without authorization through URL manipulation. Through these web pages, it is possible to manipulate certain configuration settings on the VPN Router without authorization.

3. Shared DES Key - All VPN Routers use the same DES key to encrypt user passwords.

Recommended action
==================

It is STRONGLY recommended that network administrators upgrade their systems to one of the 6_05.140, 5_05.304 or 5_05.149 software builds as soon as possible.

Until the upgrade is applied, network administrators can use the following mitigation measures:

Issue #1:
- Remove the two default accounts from the LDAP database if FIPS 140-2 mode operation is not required. Details are provided in Nortel's bulletin ID 2007007918 at:

http://www.nortel.com/securityadvisories

Issue #2:
- Apply access lists to routers linked to the Nortel VPN devices. Only allow internal VPN administrators' IP addresses to reach the administrative interface.

Issue #3:
- Use strong passwords and enable a password expiration policy.

Organizations that are not able to apply all mitigation measures should consider closing VPN access until devices are upgraded.

Further Reference:
http://www.securityfocus.com/bid/23562
______________________________________________________________________________


CPNI wishes to acknowledge the contributions of Nortel and Canadian Public Safety for the information contained in this advisory.