ID

VAR-200512-0601


CVE

CVE-2005-4157


TITLE

Kerio WinRoute Firewall Unknown vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-181

DESCRIPTION

Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. This issue is most likely due to an authentication error within the application. This may lead to a false sense of security.

TITLE: Kerio WinRoute Firewall Potential Denial of Service and Security Bypass

SECUNIA ADVISORY ID: SA17519

VERIFY ADVISORY: http://secunia.com/advisories/17519/

CRITICAL: Less critical

IMPACT: Security Bypass, DoS

WHERE: From remote

SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/

DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall which potentially can be exploited by malicious users to cause a DoS (Denial of Service) and to bypass certain security restrictions.

1) An error in the handling of RTSP streams from certain RTSP servers may cause the service to crash.

Some other errors, which may be security related, have also been fixed.

SOLUTION: Update to version 6.1.3 http://www.kerio.com/kwf_download.html

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html

Trust: 1.35

sources: NVD: CVE-2005-4157 // BID: 15388 // VULHUB: VHN-15365 // PACKETSTORM: 41477

AFFECTED PRODUCTS

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0

Trust: 0.9

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.8

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.4

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.5

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.6

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.10

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.7

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.2

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.3

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.9

Trust: 0.6

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.2

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.1

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.11

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.9

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.8

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.7

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.6

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.5

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.4

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.3

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.2

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.1

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: ne, version: 6.1.3

Trust: 0.3

sources: BID: 15388 // CNNVD: CNNVD-200512-181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4157
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200512-181
value: HIGH

Trust: 0.6

VULHUB: VHN-15365
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-4157
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-15365
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-15365 // CNNVD: CNNVD-200512-181 // NVD: CVE-2005-4157

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-181

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200512-181

EXTERNAL IDS

db: BID, id: 15388

Trust: 2.0

db: SECUNIA, id: 17519

Trust: 1.8

db: SECTRACK, id: 1015194

Trust: 1.7

db: VUPEN, id: ADV-2005-2391

Trust: 1.7

db: NVD, id: CVE-2005-4157

Trust: 1.7

db: CNNVD, id: CNNVD-200512-181

Trust: 0.7

db: XF, id: 23035

Trust: 0.6

db: VULHUB, id: VHN-15365

Trust: 0.1

db: PACKETSTORM, id: 41477

Trust: 0.1

sources: VULHUB: VHN-15365 // BID: 15388 // PACKETSTORM: 41477 // CNNVD: CNNVD-200512-181 // NVD: CVE-2005-4157

REFERENCES

url:http://www.kerio.com/kwf_history.html

Trust: 2.1

url:http://secunia.com/advisories/17519/

Trust: 1.8

url:http://www.securityfocus.com/bid/15388/

Trust: 1.7

url:http://securitytracker.com/alerts/2005/nov/1015194.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2005/2391

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/23035

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/23035

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2005/2391

Trust: 0.6

url:http://www.kerio.com

Trust: 0.3

url:http://www.kerio.com/kwf_home.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3613/

Trust: 0.1

url:http://www.kerio.com/kwf_download.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-15365 // BID: 15388 // PACKETSTORM: 41477 // CNNVD: CNNVD-200512-181 // NVD: CVE-2005-4157

CREDITS

Kerio

Trust: 0.6

sources: CNNVD: CNNVD-200512-181

SOURCES

db: VULHUB, id: VHN-15365
db: BID, id: 15388
db: PACKETSTORM, id: 41477
db: CNNVD, id: CNNVD-200512-181
db: NVD, id: CVE-2005-4157

LAST UPDATE DATE

2024-08-14T14:08:45.482000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-15365, date: 2017-07-20T00:00:00
db: BID, id: 15388, date: 2005-11-11T00:00:00
db: CNNVD, id: CNNVD-200512-181, date: 2005-12-12T00:00:00
db: NVD, id: CVE-2005-4157, date: 2017-07-20T01:29:10.863

SOURCES RELEASE DATE

db: VULHUB, id: VHN-15365, date: 2005-12-11T00:00:00
db: BID, id: 15388, date: 2005-11-11T00:00:00
db: PACKETSTORM, id: 41477, date: 2005-11-11T23:52:11
db: CNNVD, id: CNNVD-200512-181, date: 2005-12-10T00:00:00
db: NVD, id: CVE-2005-4157, date: 2005-12-11T02:03:00