Details of VAR-200403-0061

ID

VAR-200403-0061

CVE

CVE-2004-0190

TITLE

Vulnerabilities in multiple Symantec products

Trust: 0.8

sources: JVNDB: JVNDB-2004-000714

DESCRIPTION

Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. Symantec's firewall vpn appliance 100 , firewall vpn appliance 200 , firewall vpn appliance 200r Exists in unspecified vulnerabilities.None. It has been reported that Symantec Firewall/VPN Appliance is prone to an issue where depending on browser settings; administration password credentials may be stored in the browser\proxy cache in plaintext format. Symantec Firewall/VPN Appliance Models 100, 200, 200R are reported to be prone to this vulnerability

Trust: 1.98

sources: NVD: CVE-2004-0190 // JVNDB: JVNDB-2004-000714 // BID: 9784 // VULHUB: VHN-8620

AFFECTED PRODUCTS

vendor:	symantec	model:	firewall vpn appliance 200r	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	firewall vpn appliance 200	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	firewall vpn appliance 100	scope:	eq	version:	*	Trust: 1.0
vendor:	シマンテック	model:	firewall vpn appliance 200r	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	firewall vpn appliance 100	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	firewall vpn appliance 200	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	firewall vpn appliance 200r	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall vpn appliance 200	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall vpn appliance 100	scope:	-	version:	-	Trust: 0.6
vendor:	symantec	model:	firewall/vpn appliance 200r	scope:	-	version:	-	Trust: 0.3
vendor:	symantec	model:	firewall/vpn appliance	scope:	eq	version:	200	Trust: 0.3
vendor:	symantec	model:	firewall/vpn appliance	scope:	eq	version:	100	Trust: 0.3

sources: BID: 9784 // JVNDB: JVNDB-2004-000714 // CNNVD: CNNVD-200403-066 // NVD: CVE-2004-0190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0190
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0190
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200403-066
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8620
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0190
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8620
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8620 // JVNDB: JVNDB-2004-000714 // CNNVD: CNNVD-200403-066 // NVD: CVE-2004-0190

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000714 // NVD: CVE-2004-0190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-066

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200403-066

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0190	Trust: 3.3
db:	BID	id:	9784	Trust: 2.8
db:	OSVDB	id:	4117	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000714	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-066	Trust: 0.7
db:	FULLDISC	id:	20040216 SYMANTEC FIREWALL/VPN APPLIANCE MODEL 200 LEAK OF SECURITY	Trust: 0.6
db:	BUGTRAQ	id:	20040216 SYMANTEC FIREWALL/VPN APPLIANCE MODEL 200 LEAK OF SECURITY	Trust: 0.6
db:	XF	id:	15212	Trust: 0.6
db:	VULHUB	id:	VHN-8620	Trust: 0.1

sources: VULHUB: VHN-8620 // BID: 9784 // JVNDB: JVNDB-2004-000714 // CNNVD: CNNVD-200403-066 // NVD: CVE-2004-0190

REFERENCES

url:	http://www.securityfocus.com/bid/9784	Trust: 2.5
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-february/017414.html	Trust: 2.5
url:	http://marc.info/?l=bugtraq&m=107694794031839&w=2	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15212	Trust: 1.9
url:	http://www.osvdb.org/4117	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0190	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/15212	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=107694794031839&w=2	Trust: 0.6
url:	http://enterprisesecurity.symantec.com/products/products.cfm?productid=63	Trust: 0.3
url:	http://www.symantec.com/avcenter/security/content/2004.03.03a.html	Trust: 0.3

sources: VULHUB: VHN-8620 // BID: 9784 // JVNDB: JVNDB-2004-000714 // CNNVD: CNNVD-200403-066 // NVD: CVE-2004-0190

CREDITS

The disclosure of this issue has been credited to Davide Del Vecchio.

Trust: 0.3

sources: BID: 9784

SOURCES

db:	VULHUB	id:	VHN-8620
db:	BID	id:	9784
db:	JVNDB	id:	JVNDB-2004-000714
db:	CNNVD	id:	CNNVD-200403-066
db:	NVD	id:	CVE-2004-0190

LAST UPDATE DATE

2024-08-14T15:36:07.717000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8620	date:	2017-10-10T00:00:00
db:	BID	id:	9784	date:	2004-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2004-000714	date:	2024-05-27T02:25:00
db:	CNNVD	id:	CNNVD-200403-066	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2004-0190	date:	2017-10-10T01:30:19.033

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8620	date:	2004-03-15T00:00:00
db:	BID	id:	9784	date:	2004-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2004-000714	date:	2024-05-27T00:00:00
db:	CNNVD	id:	CNNVD-200403-066	date:	2004-03-15T00:00:00
db:	NVD	id:	CVE-2004-0190	date:	2004-03-15T05:00:00