Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-2640

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Security Impact Summary

CVE-2005-2640 is a security vulnerability that . Impacting 16 products from neoteris, from juniper, from netscreen and 13 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2005, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2005-08-23T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	neoteris	instant_virtual_extranet	3.0	Yes
Application	neoteris	instant_virtual_extranet	3.1	Yes
Application	neoteris	instant_virtual_extranet	3.2	Yes
Application	neoteris	instant_virtual_extranet	3.3	Yes
Application	neoteris	instant_virtual_extranet	3.3.1	Yes
Operating System	juniper	netscreen_screenos	1.7	Yes
Operating System	juniper	netscreen_screenos	1.64	Yes
Operating System	juniper	netscreen_screenos	1.66	Yes
Operating System	juniper	netscreen_screenos	1.66_r2	Yes
Operating System	juniper	netscreen_screenos	1.73_r1	Yes
Operating System	juniper	netscreen_screenos	1.73_r2	Yes
Operating System	juniper	netscreen_screenos	2.0.1_r8	Yes
Operating System	juniper	netscreen_screenos	2.1	Yes
Operating System	juniper	netscreen_screenos	2.1_r6	Yes
Operating System	juniper	netscreen_screenos	2.1_r7	Yes
Operating System	juniper	netscreen_screenos	2.5	Yes
Operating System	juniper	netscreen_screenos	2.5r1	Yes
Operating System	juniper	netscreen_screenos	2.5r2	Yes
Operating System	juniper	netscreen_screenos	2.5r6	Yes
Operating System	juniper	netscreen_screenos	2.6.0	Yes
Operating System	juniper	netscreen_screenos	2.6.1	Yes
Operating System	juniper	netscreen_screenos	2.6.1r1	Yes
Operating System	juniper	netscreen_screenos	2.6.1r2	Yes
Operating System	juniper	netscreen_screenos	2.6.1r3	Yes
Operating System	juniper	netscreen_screenos	2.6.1r4	Yes
Operating System	juniper	netscreen_screenos	2.6.1r5	Yes
Operating System	juniper	netscreen_screenos	2.6.1r6	Yes
Operating System	juniper	netscreen_screenos	2.6.1r7	Yes
Operating System	juniper	netscreen_screenos	2.6.1r8	Yes
Operating System	juniper	netscreen_screenos	2.6.1r9	Yes
Operating System	juniper	netscreen_screenos	2.6.1r10	Yes
Operating System	juniper	netscreen_screenos	2.6.1r11	Yes
Operating System	juniper	netscreen_screenos	2.6.1r12	Yes
Operating System	juniper	netscreen_screenos	2.7.1	Yes
Operating System	juniper	netscreen_screenos	2.7.1r1	Yes
Operating System	juniper	netscreen_screenos	2.7.1r2	Yes
Operating System	juniper	netscreen_screenos	2.7.1r3	Yes
Operating System	juniper	netscreen_screenos	2.8	Yes
Operating System	juniper	netscreen_screenos	2.8_r1	Yes
Operating System	juniper	netscreen_screenos	2.10_r3	Yes
Operating System	juniper	netscreen_screenos	2.10_r4	Yes
Operating System	juniper	netscreen_screenos	3.0.0	Yes
Operating System	juniper	netscreen_screenos	3.0.0r1	Yes
Operating System	juniper	netscreen_screenos	3.0.0r2	Yes
Operating System	juniper	netscreen_screenos	3.0.0r3	Yes
Operating System	juniper	netscreen_screenos	3.0.0r4	Yes
Operating System	juniper	netscreen_screenos	3.0.1	Yes
Operating System	juniper	netscreen_screenos	3.0.1r1	Yes
Operating System	juniper	netscreen_screenos	3.0.1r2	Yes
Operating System	juniper	netscreen_screenos	3.0.1r3	Yes
Operating System	juniper	netscreen_screenos	3.0.1r4	Yes
Operating System	juniper	netscreen_screenos	3.0.1r5	Yes
Operating System	juniper	netscreen_screenos	3.0.1r6	Yes
Operating System	juniper	netscreen_screenos	3.0.1r7	Yes
Operating System	juniper	netscreen_screenos	3.0.2	Yes
Operating System	juniper	netscreen_screenos	3.0.3	Yes
Operating System	juniper	netscreen_screenos	3.0.3_r1.1	Yes
Operating System	juniper	netscreen_screenos	3.0.3r1	Yes
Operating System	juniper	netscreen_screenos	3.0.3r2	Yes
Operating System	juniper	netscreen_screenos	3.0.3r3	Yes
Operating System	juniper	netscreen_screenos	3.0.3r4	Yes
Operating System	juniper	netscreen_screenos	3.0.3r5	Yes
Operating System	juniper	netscreen_screenos	3.0.3r6	Yes
Operating System	juniper	netscreen_screenos	3.0.3r7	Yes
Operating System	juniper	netscreen_screenos	3.0.3r8	Yes
Operating System	juniper	netscreen_screenos	3.1.0	Yes
Operating System	juniper	netscreen_screenos	3.1.0r1	Yes
Operating System	juniper	netscreen_screenos	3.1.0r2	Yes
Operating System	juniper	netscreen_screenos	3.1.0r3	Yes
Operating System	juniper	netscreen_screenos	3.1.0r4	Yes
Operating System	juniper	netscreen_screenos	3.1.0r5	Yes
Operating System	juniper	netscreen_screenos	3.1.0r6	Yes
Operating System	juniper	netscreen_screenos	3.1.0r7	Yes
Operating System	juniper	netscreen_screenos	3.1.0r8	Yes
Operating System	juniper	netscreen_screenos	3.1.0r9	Yes
Operating System	juniper	netscreen_screenos	3.1.0r10	Yes
Operating System	juniper	netscreen_screenos	3.1.0r11	Yes
Operating System	juniper	netscreen_screenos	3.1.0r12	Yes
Operating System	juniper	netscreen_screenos	3.1.1_r2	Yes
Operating System	juniper	netscreen_screenos	4.0.0	Yes
Operating System	juniper	netscreen_screenos	4.0.0	Yes
Operating System	juniper	netscreen_screenos	4.0.0r1	Yes
Operating System	juniper	netscreen_screenos	4.0.0r2	Yes
Operating System	juniper	netscreen_screenos	4.0.0r3	Yes
Operating System	juniper	netscreen_screenos	4.0.0r4	Yes
Operating System	juniper	netscreen_screenos	4.0.0r5	Yes
Operating System	juniper	netscreen_screenos	4.0.0r6	Yes
Operating System	juniper	netscreen_screenos	4.0.0r7	Yes
Operating System	juniper	netscreen_screenos	4.0.0r8	Yes
Operating System	juniper	netscreen_screenos	4.0.0r9	Yes
Operating System	juniper	netscreen_screenos	4.0.0r10	Yes
Operating System	juniper	netscreen_screenos	4.0.0r11	Yes
Operating System	juniper	netscreen_screenos	4.0.0r12	Yes
Operating System	juniper	netscreen_screenos	4.0.1	Yes
Operating System	juniper	netscreen_screenos	4.0.1r1	Yes
Operating System	juniper	netscreen_screenos	4.0.1r2	Yes
Operating System	juniper	netscreen_screenos	4.0.1r3	Yes
Operating System	juniper	netscreen_screenos	4.0.1r4	Yes
Operating System	juniper	netscreen_screenos	4.0.1r5	Yes
Operating System	juniper	netscreen_screenos	4.0.1r6	Yes
Operating System	juniper	netscreen_screenos	4.0.1r7	Yes
Operating System	juniper	netscreen_screenos	4.0.1r8	Yes
Operating System	juniper	netscreen_screenos	4.0.1r9	Yes
Operating System	juniper	netscreen_screenos	4.0.1r10	Yes
Operating System	juniper	netscreen_screenos	4.0.2	Yes
Operating System	juniper	netscreen_screenos	4.0.3	Yes
Operating System	juniper	netscreen_screenos	4.0.3r1	Yes
Operating System	juniper	netscreen_screenos	4.0.3r2	Yes
Operating System	juniper	netscreen_screenos	4.0.3r3	Yes
Operating System	juniper	netscreen_screenos	4.0.3r4	Yes
Operating System	juniper	netscreen_screenos	5.0.0	Yes
Operating System	juniper	netscreen_screenos	5.1.0	Yes
Operating System	juniper	netscreen_screenos	5.1.0r3a	Yes
Operating System	juniper	netscreen_screenos	5.2.0	Yes
Operating System	netscreen	ns-10	*	Yes
Operating System	netscreen	ns-100	3.0_.pe1.0	Yes
Operating System	netscreen	ns-204	5.0.0_r6.0	Yes
Operating System	netscreen	ns-204	0110.0_11_4.0_r10.0	Yes
Operating System	netscreen	ns-204	0110.0_11_5.1.0_r3a	Yes
Operating System	netscreen	ns-500	4110.0_11_4.0_r10.0	Yes
Operating System	netscreen	ns-500	4110.0_11_5.1.0_r3a	Yes
Operating System	netscreen	ns-50ns25	5.0.0_r6.0	Yes
Hardware	juniper	netscreen-5gt	5.0	Yes
Hardware	juniper	netscreen-idp	3.0	Yes
Hardware	juniper	netscreen-idp	3.0r1	Yes
Hardware	juniper	netscreen-idp	3.0r2	Yes
Hardware	juniper	netscreen-idp_10	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_100	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_1000	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_500	3.0.1_r1	Yes
Hardware	netscreen	netscreen-sa_5000_series	*	Yes
Hardware	netscreen	netscreen-sa_5020_series	4.2_r2.2	Yes
Hardware	netscreen	netscreen-sa_5050_series	4.2_r2.2	Yes

References

http://marc.info/?l=bugtraq&m=112438068426034&w=2 ([email protected])
http://secunia.com/advisories/16474/ Vendor Advisory ([email protected])
http://securitytracker.com/id?1014728 ([email protected])
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm Exploit, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/14595 Exploit ([email protected])
http://marc.info/?l=bugtraq&m=112438068426034&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/16474/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014728 (af854a3a-2127-422b-91ae-364da2661108)
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/14595 Exploit (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For neoteris's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.