VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-2621

CVE-2004-2621

Description

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Nortel/Contivity5 versions
    cpe:2.3:h:nortel:contivity:2.1.7:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:h:nortel:contivity:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:h:nortel:contivity:3.00:*:*:*:*:*:*:*
    • cpe:2.3:h:nortel:contivity:3.01:*:*:*:*:*:*:*
    • cpe:2.3:h:nortel:contivity:4.91:*:*:*:*:*:*:*
    • cpe:2.3:h:nortel:contivity:5.01:*:*:*:*:*:*:*
  • Range: 2.1.7, 3.00, 3.01, 4.91, 5.01

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.