Sign-up

ID

VAR-200708-0308


CVE

CVE-2007-4422


TITLE

Symanatec Enterprise Firewall User name is guessed

Trust: 0.8

sources: JVNDB: JVNDB-2007-000624

DESCRIPTION

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. Symantec Enterprise Firewall is prone to a username-enumeration weakness. An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks. There is a loophole in the processing of certain authentication requests in SEP, and a remote attacker may use this loophole to brute-force guess a valid user name. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Symantec Enterprise Firewall User Enumeration Weakness SECUNIA ADVISORY ID: SA26511 VERIFY ADVISORY: http://secunia.com/advisories/26511/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Symantec Enterprise Firewall 6.x http://secunia.com/product/15339/ DESCRIPTION: A weakness has been reported in Symantec Enterprise Firewall, which can be exploited by malicious people to determine valid usernames. The problem is that a different response is sent when using a valid or invalid username and can be exploited to determine valid usernames. Successful exploitation requires that the application is configured for remote access (client-to-gateway) VPN using pre-shared key (PSK) authentication. The weakness is reported in version 6.x. SOLUTION: The vendor recommends adding the "default-ikeuser" username. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Roy Hill, NTA Monitor Ltd. ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2007.08.16.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4422 // JVNDB: JVNDB-2007-000624 // BID: 25338 // VULHUB: VHN-27784 // PACKETSTORM: 58682

AFFECTED PRODUCTS

vendor:symantecmodel:enterprise firewallscope:eqversion:6

Trust: 1.6

vendor:symantecmodel:enterprise firewallscope:eqversion:8.0

Trust: 0.8

vendor:symantecmodel:gateway security 1600 seriesscope:eqversion:3.0.1

Trust: 0.8

vendor:symantecmodel:gateway security 300 seriesscope:eqversion:2.1

Trust: 0.8

vendor:symantecmodel:gateway security 400 seriesscope:eqversion:2.1

Trust: 0.8

vendor:symantecmodel:gateway security 5000 seriesscope:eqversion:3.0.1

Trust: 0.8

vendor:symantecmodel:enterprise firewall nt/2000scope:eqversion:6.5.2

Trust: 0.3

vendor:symantecmodel:enterprise firewallscope:eqversion:6.0

Trust: 0.3

vendor:shaun shat netmodel:network query tool ntscope:eqversion:6.5

Trust: 0.3

sources: BID: 25338 // JVNDB: JVNDB-2007-000624 // CNNVD: CNNVD-200708-307 // NVD: CVE-2007-4422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4422
value: HIGH

Trust: 1.0

NVD: CVE-2007-4422
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200708-307
value: CRITICAL

Trust: 0.6

VULHUB: VHN-27784
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-4422
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27784
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27784 // JVNDB: JVNDB-2007-000624 // CNNVD: CNNVD-200708-307 // NVD: CVE-2007-4422

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-307

TYPE

Design Error

Trust: 0.9

sources: BID: 25338 // CNNVD: CNNVD-200708-307

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000624

PATCH
title:SYM07-023url:http://securityresponse.symantec.com/avcenter/security/Content/2007.08.16.html
Trust: 0.8
title:SYM07-023url:http://www.symantec.com/region/jp/avcenter/security/content/2007.08.16.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000624

EXTERNAL IDS
db:NVDid:CVE-2007-4422
Trust: 2.8
db:BIDid:25338
Trust: 2.8
db:SECUNIAid:26511
Trust: 2.6
db:SECTRACKid:1018578
Trust: 2.5
db:VUPENid:ADV-2007-2909
Trust: 1.7
db:OSVDBid:36489
Trust: 1.7
db:XFid:36081
Trust: 1.4
db:JVNDBid:JVNDB-2007-000624
Trust: 0.8
db:CNNVDid:CNNVD-200708-307
Trust: 0.6
db:VULHUBid:VHN-27784
Trust: 0.1
db:PACKETSTORMid:58682
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27784 // 
            
            
            
            BID: 25338 // 
            
            
            
            JVNDB: JVNDB-2007-000624 // 
            
            
            
            PACKETSTORM: 58682 // 
            
            
            
            CNNVD: CNNVD-200708-307 // 
            
            
            
            NVD: CVE-2007-4422

REFERENCES
url:http://www.securityfocus.com/bid/25338
Trust: 2.5
url:http://www.securitytracker.com/id?1018578
Trust: 2.5
url:http://www.symantec.com/avcenter/security/content/2007.08.16.html
Trust: 2.0
url:http://www.osvdb.org/36489
Trust: 1.7
url:http://secunia.com/advisories/26511
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2007/2909
Trust: 1.4
url:http://xforce.iss.net/xforce/xfdb/36081
Trust: 1.4
url:http://www.vupen.com/english/advisories/2007/2909
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36081
Trust: 1.1
url:http://secunia.com/advisories/26511/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4422
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4422
Trust: 0.8
url:http://enterprisesecurity.symantec.com/products/products.cfm?productid=47
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://securityresponse.symantec.com/avcenter/security/content/2007.08.16.html
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/15339/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27784 // 
            
            
            
            BID: 25338 // 
            
            
            
            JVNDB: JVNDB-2007-000624 // 
            
            
            
            PACKETSTORM: 58682 // 
            
            
            
            CNNVD: CNNVD-200708-307 // 
            
            
            
            NVD: CVE-2007-4422

CREDITS
Roy Hill
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200708-307

SOURCES
db:VULHUBid:VHN-27784
db:BIDid:25338
db:JVNDBid:JVNDB-2007-000624
db:PACKETSTORMid:58682
db:CNNVDid:CNNVD-200708-307
db:NVDid:CVE-2007-4422

LAST UPDATE DATE
2024-11-23T23:10:25.280000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-27784date:2017-07-29T00:00:00
db:BIDid:25338date:2015-05-07T17:36:00
db:JVNDBid:JVNDB-2007-000624date:2007-08-30T00:00:00
db:CNNVDid:CNNVD-200708-307date:2007-08-22T00:00:00
db:NVDid:CVE-2007-4422date:2024-11-21T00:35:33.567

SOURCES RELEASE DATE
db:VULHUBid:VHN-27784date:2007-08-18T00:00:00
db:BIDid:25338date:2007-08-16T00:00:00
db:JVNDBid:JVNDB-2007-000624date:2007-08-30T00:00:00
db:PACKETSTORMid:58682date:2007-08-18T03:25:01
db:CNNVDid:CNNVD-200708-307date:2007-08-18T00:00:00
db:NVDid:CVE-2007-4422date:2007-08-18T21:17:00