Sign-up

ID

VAR-200701-0042


CVE

CVE-2007-0334


TITLE

Ingate Firewall Such as SIP Vulnerability to execute replay attack on authentication mechanism in module

Trust: 0.8

sources: JVNDB: JVNDB-2007-003233

DESCRIPTION

Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. Ingate Firewall and SIParator are prone to an unspecified authentication-replay vulnerability. Very few details regarding this issue are available at this time. This BID will be updated as more information becomes available. Versions prior to 4.5.1 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Replay Attack Vulnerability SECUNIA ADVISORY ID: SA23737 VERIFY ADVISORY: http://secunia.com/advisories/23737/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: A vulnerability has been reported in Ingate Firewall and SIParator, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Update to version 4.5.1. http://www.ingate.com/upgrades.php PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-451.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-0334 // JVNDB: JVNDB-2007-003233 // BID: 22080 // VULHUB: VHN-23696 // PACKETSTORM: 53723

AFFECTED PRODUCTS

vendor:ingatemodel:firewall and siparatorscope:lteversion:4.5.0

Trust: 1.0

vendor:ingatemodel:firewall and siparatorscope:ltversion:4.5.1

Trust: 0.8

vendor:ingatemodel:firewall and siparatorscope:eqversion:4.5.0

Trust: 0.6

vendor:ingatemodel:siparatorscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewalllscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.1.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:neversion:4.5.1

Trust: 0.3

vendor:ingatemodel:firewallscope:neversion:4.5.1

Trust: 0.3

sources: BID: 22080 // JVNDB: JVNDB-2007-003233 // CNNVD: CNNVD-200701-291 // NVD: CVE-2007-0334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0334
value: HIGH

Trust: 1.0

NVD: CVE-2007-0334
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-291
value: HIGH

Trust: 0.6

VULHUB: VHN-23696
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0334
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23696
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23696 // JVNDB: JVNDB-2007-003233 // CNNVD: CNNVD-200701-291 // NVD: CVE-2007-0334

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-291

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200701-291

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003233

PATCH
title:Ingate Firewallurl:http://www.ingate.com/firewalls.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003233

EXTERNAL IDS
db:NVDid:CVE-2007-0334
Trust: 2.5
db:BIDid:22080
Trust: 2.0
db:SECUNIAid:23737
Trust: 1.8
db:OSVDBid:32831
Trust: 1.7
db:VUPENid:ADV-2007-0209
Trust: 1.7
db:JVNDBid:JVNDB-2007-003233
Trust: 0.8
db:CNNVDid:CNNVD-200701-291
Trust: 0.7
db:XFid:31546
Trust: 0.6
db:VULHUBid:VHN-23696
Trust: 0.1
db:PACKETSTORMid:53723
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23696 // 
            
            
            
            BID: 22080 // 
            
            
            
            JVNDB: JVNDB-2007-003233 // 
            
            
            
            PACKETSTORM: 53723 // 
            
            
            
            CNNVD: CNNVD-200701-291 // 
            
            
            
            NVD: CVE-2007-0334

REFERENCES
url:http://www.ingate.com/relnote-451.php
Trust: 2.1
url:http://www.securityfocus.com/bid/22080
Trust: 1.7
url:http://osvdb.org/32831
Trust: 1.7
url:http://secunia.com/advisories/23737
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/0209
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31546
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0334
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0334
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/0209
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/31546
Trust: 0.6
url:http://www.ingate.com/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/4050/
Trust: 0.1
url:http://secunia.com/software_inspector/
Trust: 0.1
url:http://secunia.com/product/5687/
Trust: 0.1
url:http://secunia.com/advisories/23737/
Trust: 0.1
url:http://www.ingate.com/upgrades.php
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23696 // 
            
            
            
            BID: 22080 // 
            
            
            
            JVNDB: JVNDB-2007-003233 // 
            
            
            
            PACKETSTORM: 53723 // 
            
            
            
            CNNVD: CNNVD-200701-291 // 
            
            
            
            NVD: CVE-2007-0334

CREDITS
Ingate
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200701-291

SOURCES
db:VULHUBid:VHN-23696
db:BIDid:22080
db:JVNDBid:JVNDB-2007-003233
db:PACKETSTORMid:53723
db:CNNVDid:CNNVD-200701-291
db:NVDid:CVE-2007-0334

LAST UPDATE DATE
2024-11-23T23:03:25.223000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-23696date:2017-07-29T00:00:00
db:BIDid:22080date:2007-01-17T01:50:00
db:JVNDBid:JVNDB-2007-003233date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200701-291date:2007-01-21T00:00:00
db:NVDid:CVE-2007-0334date:2024-11-21T00:25:36.240

SOURCES RELEASE DATE
db:VULHUBid:VHN-23696date:2007-01-18T00:00:00
db:BIDid:22080date:2007-01-16T00:00:00
db:JVNDBid:JVNDB-2007-003233date:2012-09-25T00:00:00
db:PACKETSTORMid:53723date:2007-01-18T08:44:32
db:CNNVDid:CNNVD-200701-291date:2007-01-17T00:00:00
db:NVDid:CVE-2007-0334date:2007-01-18T02:28:00