Details of VAR-200210-0124

ID

VAR-200210-0124

CVE

CVE-2002-1046

TITLE

Watchdog Firebox dynamic VPN Configuration Protocol Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-195

DESCRIPTION

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. A denial of service vulnerability has been reported for WatchGuard Firebox firmware versions 5.x.x. The vulnerability occurs in the DVCP service. WatchGuard Firebox is a firewall for small and medium-sized business offices produced by WatchGuard in the United States. DVCP protocol The protocol used by the WatchGuard Firebox system to transmit IPSec VPN configuration information on the client server. The firewall needs to be restarted to use the DVCP service function again

Trust: 1.26

sources: NVD: CVE-2002-1046 // BID: 5186 // VULHUB: VHN-5435

AFFECTED PRODUCTS

vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.35	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.31	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.29	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.28	Trust: 1.9
vendor:	watchguard	model:	firebox	scope:	eq	version:	5.0	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.35a	Trust: 1.6
vendor:	watchguard	model:	soho firewall a	scope:	eq	version:	5.0.35	Trust: 0.3
vendor:	watchguard	model:	firebox .b1140	scope:	ne	version:	6.0	Trust: 0.3

sources: BID: 5186 // CNNVD: CNNVD-200210-195 // NVD: CVE-2002-1046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1046
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-195
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5435
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1046
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5435
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5435 // CNNVD: CNNVD-200210-195 // NVD: CVE-2002-1046

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1046

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-195

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-195

EXTERNAL IDS

db:	BID	id:	5186	Trust: 2.0
db:	NVD	id:	CVE-2002-1046	Trust: 1.7
db:	CNNVD	id:	CNNVD-200210-195	Trust: 0.7
db:	VULNWATCH	id:	20020709 KPMG-2002030: WATCHGUARD FIREBOX DYNAMIC VPN CONFIGURATION PROTOCOL DOS	Trust: 0.6
db:	XF	id:	9509	Trust: 0.6
db:	VULHUB	id:	VHN-5435	Trust: 0.1

sources: VULHUB: VHN-5435 // BID: 5186 // CNNVD: CNNVD-200210-195 // NVD: CVE-2002-1046

REFERENCES

url:	http://www.securityfocus.com/bid/5186	Trust: 2.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html	Trust: 2.7
url:	http://www.iss.net/security_center/static/9509.php	Trust: 2.7
url:	http://www.watchguard.com/	Trust: 0.3

sources: VULHUB: VHN-5435 // BID: 5186 // CNNVD: CNNVD-200210-195 // NVD: CVE-2002-1046

CREDITS

Peter Gründl※ pgrundl@kpmg.dk

Trust: 0.6

sources: CNNVD: CNNVD-200210-195

SOURCES

db:	VULHUB	id:	VHN-5435
db:	BID	id:	5186
db:	CNNVD	id:	CNNVD-200210-195
db:	NVD	id:	CVE-2002-1046

LAST UPDATE DATE

2024-11-22T22:57:15.675000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5435	date:	2008-09-05T00:00:00
db:	BID	id:	5186	date:	2002-07-09T00:00:00
db:	CNNVD	id:	CNNVD-200210-195	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2002-1046	date:	2024-11-20T23:40:28.113

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5435	date:	2002-10-04T00:00:00
db:	BID	id:	5186	date:	2002-07-09T00:00:00
db:	CNNVD	id:	CNNVD-200210-195	date:	2002-07-09T00:00:00
db:	NVD	id:	CVE-2002-1046	date:	2002-10-04T04:00:00