Details of VAR-200212-0449

ID

VAR-200212-0449

CVE

CVE-2002-1778

TITLE

Symantec Norton Personal Firewall 2002 Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200212-104

DESCRIPTION

Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. Symantec Norton Personal Firewall 2002 (NPW)is a firewall solution for home and small office machines based on some versions of the Microsoft Windows operating systems. It has a variety of features, including the ability to detect and dynamically block portscans. An issue has been reported with the manner in which Personal Firewall 2002 handles portscans. Reportedly, only SYN scans are detected. An attacker may scan with a variety of other methods, including SYN/FIN packets and evade the protective features of NPW. This issue may affect Norton Internet Security 2002, however this has not been confirmed

Trust: 1.35

sources: NVD: CVE-2002-1778 // BID: 4521 // VULHUB: VHN-6161 // VULMON: CVE-2002-1778

AFFECTED PRODUCTS

vendor:

symantec

model:

norton personal firewall

scope:

version:

2002

Trust: 1.9

sources: BID: 4521 // CNNVD: CNNVD-200212-104 // NVD: CVE-2002-1778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1778
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-104
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6161
value:	HIGH
Trust: 0.1
VULMON:	CVE-2002-1778
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1778
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-6161
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6161 // VULMON: CVE-2002-1778 // CNNVD: CNNVD-200212-104 // NVD: CVE-2002-1778

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-104

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200212-104

EXTERNAL IDS

db:	BID	id:	4521	Trust: 2.1
db:	NVD	id:	CVE-2002-1778	Trust: 1.8
db:	CNNVD	id:	CNNVD-200212-104	Trust: 0.7
db:	XF	id:	8859	Trust: 0.6
db:	NSFOCUS	id:	2626	Trust: 0.6
db:	VULHUB	id:	VHN-6161	Trust: 0.1
db:	VULMON	id:	CVE-2002-1778	Trust: 0.1

sources: VULHUB: VHN-6161 // VULMON: CVE-2002-1778 // BID: 4521 // CNNVD: CNNVD-200212-104 // NVD: CVE-2002-1778

REFERENCES

url:	http://securityresponse.symantec.com/avcenter/security/content/2002.05.16.html	Trust: 3.1
url:	http://www.securityfocus.com/bid/4521	Trust: 2.8
url:	http://online.securityfocus.com/archive/1/267850	Trust: 2.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8859	Trust: 2.2
url:	http://xforce.iss.net/xforce/xfdb/8859	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/2626	Trust: 0.6
url:	http://www.symantec.com/sabu/nis/npf/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=3622	Trust: 0.1

sources: VULHUB: VHN-6161 // VULMON: CVE-2002-1778 // BID: 4521 // CNNVD: CNNVD-200212-104 // NVD: CVE-2002-1778

CREDITS

Alfonso Fiore※ afiore@secure-edge.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-104

SOURCES

db:	VULHUB	id:	VHN-6161
db:	VULMON	id:	CVE-2002-1778
db:	BID	id:	4521
db:	CNNVD	id:	CNNVD-200212-104
db:	NVD	id:	CVE-2002-1778

LAST UPDATE DATE

2024-11-22T23:00:39.701000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6161	date:	2017-07-11T00:00:00
db:	VULMON	id:	CVE-2002-1778	date:	2017-07-11T00:00:00
db:	BID	id:	4521	date:	2002-04-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-104	date:	2019-12-27T00:00:00
db:	NVD	id:	CVE-2002-1778	date:	2024-11-20T23:42:06.253

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6161	date:	2002-12-31T00:00:00
db:	VULMON	id:	CVE-2002-1778	date:	2002-12-31T00:00:00
db:	BID	id:	4521	date:	2002-04-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-104	date:	2002-04-16T00:00:00
db:	NVD	id:	CVE-2002-1778	date:	2002-12-31T05:00:00