Details of VAR-200305-0035

ID

VAR-200305-0035

CVE

CVE-2003-0219

TITLE

Kerio Personal Firewall Replay Attack Vulnerability

Trust: 0.9

sources: BID: 7179 // CNNVD: CNNVD-200305-022

DESCRIPTION

Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server

Trust: 1.98

sources: NVD: CVE-2003-0219 // CERT/CC: VU#641012 // BID: 7179 // VULHUB: VHN-7048

AFFECTED PRODUCTS

vendor:	kerio	model:	personal firewall 2	scope:	eq	version:	2.1	Trust: 1.6
vendor:	kerio	model:	personal firewall 2	scope:	eq	version:	2.1.3	Trust: 1.6
vendor:	kerio	model:	personal firewall 2	scope:	eq	version:	2.1.2	Trust: 1.6
vendor:	kerio	model:	personal firewall 2	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	kerio	model:	personal firewall 2	scope:	eq	version:	2.1.4	Trust: 1.6
vendor:	kerio	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1.4	Trust: 0.3
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1.3	Trust: 0.3
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1.2	Trust: 0.3
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1.1	Trust: 0.3
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1	Trust: 0.3

sources: CERT/CC: VU#641012 // BID: 7179 // CNNVD: CNNVD-200305-022 // NVD: CVE-2003-0219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0219
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#641012
value:	3.00
Trust: 0.8
CNNVD:	CNNVD-200305-022
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7048
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0219
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7048
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#641012 // VULHUB: VHN-7048 // CNNVD: CNNVD-200305-022 // NVD: CVE-2003-0219

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200305-022

TYPE

Design Error

Trust: 0.9

sources: BID: 7179 // CNNVD: CNNVD-200305-022

EXTERNAL IDS

db:	BID	id:	7179	Trust: 2.8
db:	CERT/CC	id:	VU#641012	Trust: 2.5
db:	NVD	id:	CVE-2003-0219	Trust: 1.7
db:	CNNVD	id:	CNNVD-200305-022	Trust: 0.7
db:	BUGTRAQ	id:	20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL	Trust: 0.6
db:	VULHUB	id:	VHN-7048	Trust: 0.1

sources: CERT/CC: VU#641012 // VULHUB: VHN-7048 // BID: 7179 // CNNVD: CNNVD-200305-022 // NVD: CVE-2003-0219

REFERENCES

url:	http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10	Trust: 2.4
url:	http://www.securityfocus.com/bid/7179	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/641012	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=105155734411836&w=2	Trust: 1.0
url:	http://www.kerio.com/kpf_download.html	Trust: 0.8
url:	http://online.securityfocus.com/bid/7179	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2	Trust: 0.6
url:	http://www.kerio.com	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=105155734411836&w=2	Trust: 0.1
url:	http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10	Trust: 0.1
url:	-	Trust: 0.1

sources: CERT/CC: VU#641012 // VULHUB: VHN-7048 // BID: 7179 // CNNVD: CNNVD-200305-022 // NVD: CVE-2003-0219

CREDITS

The discovery of this vulnerability has been credited to Emiliano Kargieman, Hernn Gips and Javier Burroni from Core Security Technologies.

Trust: 0.6

sources: CNNVD: CNNVD-200305-022

SOURCES

db:	CERT/CC	id:	VU#641012
db:	VULHUB	id:	VHN-7048
db:	BID	id:	7179
db:	CNNVD	id:	CNNVD-200305-022
db:	NVD	id:	CVE-2003-0219

LAST UPDATE DATE

2024-08-14T15:31:14.296000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#641012	date:	2003-05-13T00:00:00
db:	VULHUB	id:	VHN-7048	date:	2016-10-18T00:00:00
db:	BID	id:	7179	date:	2003-04-28T00:00:00
db:	CNNVD	id:	CNNVD-200305-022	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0219	date:	2016-10-18T02:30:52.753

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#641012	date:	2003-05-13T00:00:00
db:	VULHUB	id:	VHN-7048	date:	2003-05-12T00:00:00
db:	BID	id:	7179	date:	2003-04-28T00:00:00
db:	CNNVD	id:	CNNVD-200305-022	date:	2003-05-12T00:00:00
db:	NVD	id:	CVE-2003-0219	date:	2003-05-12T04:00:00