NEC Corporation Information for VU#459371

Multiple IPsec implementations do not adequately validate authentication data



Vendor Statement

sent on December 4, 2002

[Router Products]

  • IX 5000 Series
    - is NOT vulnerable.
  • IX 1000 / 2000 Series (IX1010, IX1011, IX1020, IX1050, Bluefire IX1035 and IX2010)
    - is vulnerable in the case of Version 4.1 or prior. The exploitation is possible only when IPsec is enabled.
    - Fixed verion is 4.2.13 or greater.
    - To get fixed software, please contact to: <>
    - More information (in Japanese): <>

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References



    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.