Sign-up

ID

VAR-200706-0098


CVE

CVE-2007-3177


TITLE

Ingate Firewall Etc. SIP Vulnerability that bypasses authentication

Trust: 0.8

sources: JVNDB: JVNDB-2007-003989

DESCRIPTION

Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. Both Ingate Firewall and SIParator are enterprise-class hardware firewall devices. Multiple security vulnerabilities exist in Ingate Firewall and SIParator that can be exploited by malicious users to perform spoofing attacks, bypass certain security restrictions, or cause denial of service. 1) If the IPsec tunnel is set up to allow the \"Remote/private address\" hive, it is possible to allow any user hive. 3) Verifying errors in DSA and ECDSA key signatures may result in forgery of server certificates. 4) Verifying errors in HMAC digest may increase the chances of successfully forging SNMPv3 messages. 5) An error in forcing a reject policy from a message that does not use a gateway may result in bypassing spoof protection. 6) Multiple errors in the SIP module may allow a crash or hang due to a specially crafted message. Versions prior to 4.7.1 are vulnerable. Ingate Siparator is prone to a security bypass vulnerability

Trust: 2.79

sources: NVD: CVE-2007-3177 // JVNDB: JVNDB-2007-003989 // CNVD: CNVD-2009-1714 // BID: 34309 // BID: 86090 // VULHUB: VHN-26539

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2009-1714

AFFECTED PRODUCTS

vendor:ingatemodel:siparatorscope:eqversion:4.5.1

Trust: 1.2

vendor:ingatemodel:firewallscope:eqversion:4.5.1

Trust: 1.2

vendor:ingatemodel:firewallscope:lteversion:4.5.1

Trust: 1.0

vendor:ingatemodel:siparatorscope:lteversion:4.5.1

Trust: 1.0

vendor:ingatemodel:firewallscope: - version: -

Trust: 0.8

vendor:ingatemodel:siparatorscope:ltversion:4.5.2

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:ingatemodel:siparatorscope:eqversion:4.6.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.5.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewalllscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.5.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.1.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:neversion:4.7.1

Trust: 0.3

vendor:ingatemodel:firewallscope:neversion:4.7.1

Trust: 0.3

sources: CNVD: CNVD-2009-1714 // BID: 34309 // BID: 86090 // JVNDB: JVNDB-2007-003989 // CNNVD: CNNVD-200706-142 // NVD: CVE-2007-3177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3177
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3177
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2009-1714
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200706-142
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3177
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2009-1714
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-26539
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2009-1714 // VULHUB: VHN-26539 // JVNDB: JVNDB-2007-003989 // CNNVD: CNNVD-200706-142 // NVD: CVE-2007-3177

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-26539 // JVNDB: JVNDB-2007-003989 // NVD: CVE-2007-3177

THREAT TYPE

network

Trust: 0.6

sources: BID: 34309 // BID: 86090

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200706-142

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003989

PATCH
title:Ingate Firewallurl:http://www.ingate.com/firewalls.php
Trust: 0.8
title:Patch for multiple security vulnerabilities in InGate Firewall and SIParatorurl:https://www.cnvd.org.cn/patchInfo/show/43113
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            JVNDB: JVNDB-2007-003989

EXTERNAL IDS
db:NVDid:CVE-2007-3177
Trust: 2.8
db:SECUNIAid:25420
Trust: 2.3
db:VUPENid:ADV-2007-1973
Trust: 1.7
db:OSVDBid:36708
Trust: 1.7
db:BIDid:34309
Trust: 0.9
db:XFid:34887
Trust: 0.9
db:JVNDBid:JVNDB-2007-003989
Trust: 0.8
db:CNNVDid:CNNVD-200706-142
Trust: 0.7
db:CNVDid:CNVD-2009-1714
Trust: 0.6
db:BIDid:86090
Trust: 0.4
db:VULHUBid:VHN-26539
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            VULHUB: VHN-26539 // 
            
            
            
            BID: 34309 // 
            
            
            
            BID: 86090 // 
            
            
            
            JVNDB: JVNDB-2007-003989 // 
            
            
            
            CNNVD: CNNVD-200706-142 // 
            
            
            
            NVD: CVE-2007-3177

REFERENCES
url:http://www.ingate.com/relnote-452.php
Trust: 2.0
url:http://osvdb.org/36708
Trust: 1.7
url:http://secunia.com/advisories/25420
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1973
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34887
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/34887
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3177
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3177
Trust: 0.8
url:http://secunia.com/advisories/25420/
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1973
Trust: 0.6
url:http://www.ingate.com/
Trust: 0.3
url:http://www.ingate.com/relnote.php?ver=471
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2009-1714 // 
            
            
            
            VULHUB: VHN-26539 // 
            
            
            
            BID: 34309 // 
            
            
            
            BID: 86090 // 
            
            
            
            JVNDB: JVNDB-2007-003989 // 
            
            
            
            CNNVD: CNNVD-200706-142 // 
            
            
            
            NVD: CVE-2007-3177

CREDITS
Ingate
Trust: 0.3
sources:
            
            
            BID: 34309

SOURCES
db:CNVDid:CNVD-2009-1714
db:VULHUBid:VHN-26539
db:BIDid:34309
db:BIDid:86090
db:JVNDBid:JVNDB-2007-003989
db:CNNVDid:CNNVD-200706-142
db:NVDid:CVE-2007-3177

LAST UPDATE DATE
2024-08-14T13:04:43.024000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2009-1714date:2014-01-27T00:00:00
db:VULHUBid:VHN-26539date:2017-07-29T00:00:00
db:BIDid:34309date:2009-04-01T17:06:00
db:BIDid:86090date:2007-06-11T00:00:00
db:JVNDBid:JVNDB-2007-003989date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-142date:2007-06-13T00:00:00
db:NVDid:CVE-2007-3177date:2017-07-29T01:32:02.050

SOURCES RELEASE DATE
db:CNVDid:CNVD-2009-1714date:2009-03-23T00:00:00
db:VULHUBid:VHN-26539date:2007-06-11T00:00:00
db:BIDid:34309date:2009-03-23T00:00:00
db:BIDid:86090date:2007-06-11T00:00:00
db:JVNDBid:JVNDB-2007-003989date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-142date:2007-06-11T00:00:00
db:NVDid:CVE-2007-3177date:2007-06-11T22:30:00