ID

VAR-200212-0858


CVE

CVE-2002-2341


TITLE

SonicWall SOHO3 Content Blocking Script Injection Vulnerability

Trust: 0.9

sources: BID: 4755 // CNNVD: CNNVD-200212-799

DESCRIPTION

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. The SonicWALL SOHO3 is an Internet security appliance that provides firewall security solutions. Reportedly, a vulnerability exists in the product that allows a script injection attack to be launched by a malicious user within the internal LAN. SonicWALL can be configured to block domains from a list of user-entered domains, and it will deny local users access to the websites that have been blocked. Attempts to access blocked domains are entered into the SonicWALL log files, so script code included in a request for a blocked domain is recorded in the log. An administrator viewing the log files will automatically cause the malicious script code to execute. If the attacker's script code is injected into the log file, the administrator will not be able to access the log normally. To regain access to the logs, the appliance will need to be rebooted. It should be noted that rebooting the appliance clears the logs and effectively eliminates any indication in the logs of which user initiated the attack. A malicious remote user can also exploit this issue by crafting a URL of a known blocked domain that includes script code and enticing a local user into following the link.

Trust: 1.26

sources: NVD: CVE-2002-2341 // BID: 4755 // VULHUB: VHN-6724

AFFECTED PRODUCTS

vendor: sonicwall, model: soho3, scope: eq, version: 6.3.0.0

Trust: 1.6

vendor: sonicwall, model: soho, scope: eq, version: 6.3.0.0

Trust: 0.3

sources: BID: 4755 // CNNVD: CNNVD-200212-799 // NVD: CVE-2002-2341

CVSS

SEVERITY

nvd@nist.gov: CVE-2002-2341
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-799
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6724
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2002-2341
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6724
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6724 // CNNVD: CNNVD-200212-799 // NVD: CVE-2002-2341

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-6724 // NVD: CVE-2002-2341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-799

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200212-799

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-6724

EXTERNAL IDS

db: BID, id: 4755

Trust: 2.0

db: NVD, id: CVE-2002-2341

Trust: 1.7

db: CNNVD, id: CNNVD-200212-799

Trust: 0.7

db: XF, id: 3

Trust: 0.6

db: SEEBUG, id: SSVID-75279

Trust: 0.1

db: EXPLOIT-DB, id: 21453

Trust: 0.1

db: VULHUB, id: VHN-6724

Trust: 0.1

sources: VULHUB: VHN-6724 // BID: 4755 // CNNVD: CNNVD-200212-799 // NVD: CVE-2002-2341

REFERENCES

url: http://www.securityfocus.com/bid/4755

Trust: 2.7

url: http://www.iss.net/security_center/static/9103.php

Trust: 2.7

url: http://online.securityfocus.com/archive/1/272935

Trust: 2.1

url: http://www.sonicwall.com

Trust: 0.3

sources: VULHUB: VHN-6724 // BID: 4755 // CNNVD: CNNVD-200212-799 // NVD: CVE-2002-2341

CREDITS

Credited to "E M" <rdnktrk@hotmail.com>.

Trust: 0.9

sources: BID: 4755 // CNNVD: CNNVD-200212-799

SOURCES

db: VULHUB, id: VHN-6724
db: BID, id: 4755
db: CNNVD, id: CNNVD-200212-799
db: NVD, id: CVE-2002-2341

LAST UPDATE DATE

2024-11-22T20:42:10.201000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-6724, date: 2008-09-05T00:00:00
db: BID, id: 4755, date: 2002-05-17T00:00:00
db: CNNVD, id: CNNVD-200212-799, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2341, date: 2024-11-20T23:43:27.177

SOURCES RELEASE DATE

db: VULHUB, id: VHN-6724, date: 2002-12-31T00:00:00
db: BID, id: 4755, date: 2002-05-17T00:00:00
db: CNNVD, id: CNNVD-200212-799, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2341, date: 2002-12-31T05:00:00