Sign-up

ID

VAR-200706-0097


CVE

CVE-2007-3176


TITLE

Ingate Firewall Etc. Support Report Vulnerability to be downloaded

Trust: 0.8

sources: JVNDB: JVNDB-2007-003988

DESCRIPTION

Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. Both Ingate Firewall and SIParator are enterprise-class hardware firewall devices. Multiple security vulnerabilities exist in Ingate Firewall and SIParator that can be exploited by malicious users to perform spoofing attacks, bypass certain security restrictions, or cause denial of service. 1) If the IPsec tunnel is set up to allow the \"Remote/private address\" hive, it is possible to allow any user hive. 2) Errors in the IDS/IPS implementation may allow SIP messages to bypass spoofing and IPsec checks. 3) Verifying errors in DSA and ECDSA key signatures may result in forgery of server certificates. 4) Verifying errors in HMAC digest may increase the chances of successfully forging SNMPv3 messages. 5) An error in forcing a reject policy from a message that does not use a gateway may result in bypassing spoof protection. 6) Multiple errors in the SIP module may allow a crash or hang due to a specially crafted message. Versions prior to 4.7.1 are vulnerable. Ingate Siparator is prone to a remote security vulnerability. Unknown vulnerabilities exist in Ingate Firewall and SIParator

Trust: 2.79

sources: NVD: CVE-2007-3176 // JVNDB: JVNDB-2007-003988 // CNVD: CNVD-2009-1714 // BID: 34309 // BID: 86102 // VULHUB: VHN-26538

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2009-1714

AFFECTED PRODUCTS

vendor:ingatemodel:siparatorscope:eqversion:4.5.1

Trust: 1.2

vendor:ingatemodel:firewallscope:eqversion:4.5.1

Trust: 1.2

vendor:ingatemodel:firewallscope:lteversion:4.5.1

Trust: 1.0

vendor:ingatemodel:siparatorscope:lteversion:4.5.1

Trust: 1.0

vendor:ingatemodel:firewallscope: - version: -

Trust: 0.8

vendor:ingatemodel:siparatorscope:ltversion:4.5.2

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:ingatemodel:siparatorscope:eqversion:4.6.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.5.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewalllscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.5.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.1.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:neversion:4.7.1

Trust: 0.3

vendor:ingatemodel:firewallscope:neversion:4.7.1

Trust: 0.3

sources: CNVD: CNVD-2009-1714 // BID: 34309 // BID: 86102 // JVNDB: JVNDB-2007-003988 // CNNVD: CNNVD-200706-149 // NVD: CVE-2007-3176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3176
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3176
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2009-1714
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200706-149
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26538
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3176
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2009-1714
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-26538
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2009-1714 // VULHUB: VHN-26538 // JVNDB: JVNDB-2007-003988 // CNNVD: CNNVD-200706-149 // NVD: CVE-2007-3176

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3176

THREAT TYPE

network

Trust: 0.6

sources: BID: 34309 // BID: 86102

TYPE

Unknown

Trust: 0.9

sources: BID: 34309 // CNNVD: CNNVD-200706-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003988

PATCH
title:Ingate Firewallurl:http://www.ingate.com/firewalls.php
Trust: 0.8
title:Patch for multiple security vulnerabilities in InGate Firewall and SIParatorurl:https://www.cnvd.org.cn/patchInfo/show/43113
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            JVNDB: JVNDB-2007-003988

EXTERNAL IDS
db:NVDid:CVE-2007-3176
Trust: 2.8
db:SECUNIAid:25420
Trust: 2.3
db:VUPENid:ADV-2007-1973
Trust: 1.7
db:OSVDBid:36707
Trust: 1.7
db:BIDid:34309
Trust: 0.9
db:XFid:34885
Trust: 0.9
db:JVNDBid:JVNDB-2007-003988
Trust: 0.8
db:CNNVDid:CNNVD-200706-149
Trust: 0.7
db:CNVDid:CNVD-2009-1714
Trust: 0.6
db:BIDid:86102
Trust: 0.4
db:VULHUBid:VHN-26538
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            VULHUB: VHN-26538 // 
            
            
            
            BID: 34309 // 
            
            
            
            BID: 86102 // 
            
            
            
            JVNDB: JVNDB-2007-003988 // 
            
            
            
            CNNVD: CNNVD-200706-149 // 
            
            
            
            NVD: CVE-2007-3176

REFERENCES
url:http://www.ingate.com/relnote-452.php
Trust: 2.0
url:http://osvdb.org/36707
Trust: 1.7
url:http://secunia.com/advisories/25420
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1973
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34885
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/34885
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3176
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3176
Trust: 0.8
url:http://secunia.com/advisories/25420/
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1973
Trust: 0.6
url:http://www.ingate.com/
Trust: 0.3
url:http://www.ingate.com/relnote.php?ver=471
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            VULHUB: VHN-26538 // 
            
            
            
            BID: 34309 // 
            
            
            
            BID: 86102 // 
            
            
            
            JVNDB: JVNDB-2007-003988 // 
            
            
            
            CNNVD: CNNVD-200706-149 // 
            
            
            
            NVD: CVE-2007-3176

CREDITS
Ingate
Trust: 0.3
sources:
            
            
            BID: 34309

SOURCES
db:CNVDid:CNVD-2009-1714
db:VULHUBid:VHN-26538
db:BIDid:34309
db:BIDid:86102
db:JVNDBid:JVNDB-2007-003988
db:CNNVDid:CNNVD-200706-149
db:NVDid:CVE-2007-3176

LAST UPDATE DATE
2024-11-23T21:10:29.250000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2009-1714date:2014-01-27T00:00:00
db:VULHUBid:VHN-26538date:2017-07-29T00:00:00
db:BIDid:34309date:2009-04-01T17:06:00
db:BIDid:86102date:2007-06-11T00:00:00
db:JVNDBid:JVNDB-2007-003988date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-149date:2007-06-13T00:00:00
db:NVDid:CVE-2007-3176date:2024-11-21T00:32:35.310

SOURCES RELEASE DATE
db:CNVDid:CNVD-2009-1714date:2009-03-23T00:00:00
db:VULHUBid:VHN-26538date:2007-06-11T00:00:00
db:BIDid:34309date:2009-03-23T00:00:00
db:BIDid:86102date:2007-06-11T00:00:00
db:JVNDBid:JVNDB-2007-003988date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-149date:2007-06-11T00:00:00
db:NVDid:CVE-2007-3176date:2007-06-11T22:30:00