Details of VAR-200212-0385

ID

VAR-200212-0385

CVE

CVE-2002-1937

TITLE

Symantec Firewall/VPN Appliance Get administrator password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-802

DESCRIPTION

Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password. Firewall/VPN Appliance 200 is prone to a remote security vulnerability

Trust: 1.26

sources: NVD: CVE-2002-1937 // BID: 89469 // VULHUB: VHN-6320

AFFECTED PRODUCTS

vendor:	symantec	model:	firewall vpn appliance 200r	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	firewall vpn appliance 200	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	firewall vpn appliance 100	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	firewall vpn appliance 200r	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall vpn appliance 200	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall vpn appliance 100	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall/vpn appliance 200r	scope:	-	version:	-	Trust: 0.3
vendor:	symantec	model:	firewall/vpn appliance	scope:	eq	version:	200	Trust: 0.3
vendor:	symantec	model:	firewall/vpn appliance	scope:	eq	version:	100	Trust: 0.3

sources: BID: 89469 // CNNVD: CNNVD-200212-802 // NVD: CVE-2002-1937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1937
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-802
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6320
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1937
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6320
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6320 // CNNVD: CNNVD-200212-802 // NVD: CVE-2002-1937

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-802

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200212-802

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1937	Trust: 2.0
db:	CNNVD	id:	CNNVD-200212-802	Trust: 0.7
db:	BUGTRAQ	id:	20021022 SNIFFING ADMINISTRATOR'S PASSWORD IN SYMANTEC FIREWALL/VPN APPLIANCE V. 200R	Trust: 0.6
db:	BUGTRAQ	id:	20021022 RE: SNIFFING ADMINISTRATOR'S PASSWORD IN SYMANTEC FIREWALL/VPN APPLIANCE V. 200R	Trust: 0.6
db:	XF	id:	10442	Trust: 0.6
db:	BID	id:	89469	Trust: 0.4
db:	VULHUB	id:	VHN-6320	Trust: 0.1

sources: VULHUB: VHN-6320 // BID: 89469 // CNNVD: CNNVD-200212-802 // NVD: CVE-2002-1937

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html	Trust: 2.0
url:	http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html	Trust: 2.0
url:	http://www.iss.net/security_center/static/10442.php	Trust: 2.0

sources: VULHUB: VHN-6320 // BID: 89469 // CNNVD: CNNVD-200212-802 // NVD: CVE-2002-1937

CREDITS

Unknown

Trust: 0.3

sources: BID: 89469

SOURCES

db:	VULHUB	id:	VHN-6320
db:	BID	id:	89469
db:	CNNVD	id:	CNNVD-200212-802
db:	NVD	id:	CVE-2002-1937

LAST UPDATE DATE

2024-08-14T14:35:59.416000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6320	date:	2008-09-05T00:00:00
db:	BID	id:	89469	date:	2002-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200212-802	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1937	date:	2008-09-05T20:31:54.167

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6320	date:	2002-12-31T00:00:00
db:	BID	id:	89469	date:	2002-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200212-802	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-1937	date:	2002-12-31T05:00:00