Details of VAR-200401-0062

ID

VAR-200401-0062

CVE

CVE-2004-1766

TITLE

NetScreen-Security Manager fails to encrypt communications with managed devices

Trust: 0.8

sources: CERT/CC: VU#927630

DESCRIPTION

The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing. A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. A problem in the handling of default communications has been identified in NetScreen-Security Manager. Because of this, an attacker may be able to gain access to potentially sensitive information. Netscreen is a firewall security solution, and its operating system is ScreenOS

Trust: 1.98

sources: NVD: CVE-2004-1766 // CERT/CC: VU#927630 // BID: 9455 // VULHUB: VHN-10196

AFFECTED PRODUCTS

vendor:	netscreen	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	netscreen-security manager 2004	scope:	-	version:	-	Trust: 0.6
vendor:	netscreen	model:	netscreen-security manager	scope:	eq	version:	2004	Trust: 0.3
vendor:	netscreen	model:	netscreen-security manager feature pack	scope:	ne	version:	20041	Trust: 0.3

sources: CERT/CC: VU#927630 // BID: 9455 // CNNVD: CNNVD-200401-033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1766
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#927630
value:	5.63
Trust: 0.8
CNNVD:	CNNVD-200401-033
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10196
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1766
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10196
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#927630 // VULHUB: VHN-10196 // CNNVD: CNNVD-200401-033 // NVD: CVE-2004-1766

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200401-033

TYPE

Configuration Error

Trust: 0.9

sources: BID: 9455 // CNNVD: CNNVD-200401-033

EXTERNAL IDS

db:	SECUNIA	id:	10675	Trust: 2.5
db:	CERT/CC	id:	VU#927630	Trust: 2.5
db:	BID	id:	9455	Trust: 2.0
db:	OSVDB	id:	3613	Trust: 1.7
db:	NVD	id:	CVE-2004-1766	Trust: 1.7
db:	CNNVD	id:	CNNVD-200401-033	Trust: 0.7
db:	CERT/CC	id:	HTTP://WWW.KB.CERT.ORG/VULS/ID/CRDY-5VEU8N	Trust: 0.6
db:	XF	id:	14886	Trust: 0.6
db:	VULHUB	id:	VHN-10196	Trust: 0.1

sources: CERT/CC: VU#927630 // VULHUB: VHN-10196 // BID: 9455 // CNNVD: CNNVD-200401-033 // NVD: CVE-2004-1766

REFERENCES

url:	http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp	Trust: 2.2
url:	http://www.securityfocus.com/bid/9455	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/927630	Trust: 1.7
url:	http://www.juniper.net/support/security/alerts/58290.txt	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/crdy-5veu8n	Trust: 1.7
url:	http://www.osvdb.org/3613	Trust: 1.7
url:	http://secunia.com/advisories/10675	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14886	Trust: 1.1
url:	http://www.secunia.com/advisories/10675/	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/14886	Trust: 0.6

sources: CERT/CC: VU#927630 // VULHUB: VHN-10196 // BID: 9455 // CNNVD: CNNVD-200401-033 // NVD: CVE-2004-1766

CREDITS

NetScreen Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200401-033

SOURCES

db:	CERT/CC	id:	VU#927630
db:	VULHUB	id:	VHN-10196
db:	BID	id:	9455
db:	CNNVD	id:	CNNVD-200401-033
db:	NVD	id:	CVE-2004-1766

LAST UPDATE DATE

2024-08-14T15:40:55.988000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#927630	date:	2004-01-23T00:00:00
db:	VULHUB	id:	VHN-10196	date:	2017-07-11T00:00:00
db:	BID	id:	9455	date:	2004-01-20T00:00:00
db:	CNNVD	id:	CNNVD-200401-033	date:	2006-08-23T00:00:00
db:	NVD	id:	CVE-2004-1766	date:	2017-07-11T01:31:20.230

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#927630	date:	2004-01-22T00:00:00
db:	VULHUB	id:	VHN-10196	date:	2004-01-20T00:00:00
db:	BID	id:	9455	date:	2004-01-20T00:00:00
db:	CNNVD	id:	CNNVD-200401-033	date:	2004-01-20T00:00:00
db:	NVD	id:	CVE-2004-1766	date:	2004-01-20T05:00:00