Sign-up

ID

VAR-200711-0145


CVE

CVE-2007-6098


TITLE

Ingate Firewall and SIParator Vulnerable to guessing valid login credentials

Trust: 0.8

sources: JVNDB: JVNDB-2007-004668

DESCRIPTION

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection. Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices

Trust: 1.98

sources: NVD: CVE-2007-6098 // JVNDB: JVNDB-2007-004668 // BID: 26486 // VULHUB: VHN-29460

AFFECTED PRODUCTS

vendor:ingatemodel:siparatorscope:lteversion:4.5.2

Trust: 1.0

vendor:ingatemodel:firewallscope:lteversion:4.5.2

Trust: 1.0

vendor:ingatemodel:siparatorscope:eqversion:4.5.2

Trust: 0.9

vendor:ingatemodel:firewallscope:eqversion:4.5.2

Trust: 0.9

vendor:ingatemodel:firewallscope:ltversion:4.6.0

Trust: 0.8

vendor:ingatemodel:siparatorscope:ltversion:4.6.0

Trust: 0.8

vendor:ingatemodel:siparatorscope:eqversion:4.5.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewalllscope:eqversion:4.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.5.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.4.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.1.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.3.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:neversion:4.6

Trust: 0.3

vendor:ingatemodel:firewallscope:neversion:4.6

Trust: 0.3

sources: BID: 26486 // JVNDB: JVNDB-2007-004668 // CNNVD: CNNVD-200711-331 // NVD: CVE-2007-6098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6098
value: HIGH

Trust: 1.0

NVD: CVE-2007-6098
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200711-331
value: HIGH

Trust: 0.6

VULHUB: VHN-29460
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-6098
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29460
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29460 // JVNDB: JVNDB-2007-004668 // CNNVD: CNNVD-200711-331 // NVD: CVE-2007-6098

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2007-004668 // NVD: CVE-2007-6098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-331

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200711-331

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-004668

PATCH
title:Ingate Firewallurl:http://www.ingate.com/firewalls.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-004668

EXTERNAL IDS
db:NVDid:CVE-2007-6098
Trust: 2.8
db:BIDid:26486
Trust: 2.0
db:JVNDBid:JVNDB-2007-004668
Trust: 0.8
db:CNNVDid:CNNVD-200711-331
Trust: 0.6
db:VULHUBid:VHN-29460
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29460 // 
            
            
            
            BID: 26486 // 
            
            
            
            JVNDB: JVNDB-2007-004668 // 
            
            
            
            CNNVD: CNNVD-200711-331 // 
            
            
            
            NVD: CVE-2007-6098

REFERENCES
url:http://www.ingate.com/relnote-460.php
Trust: 2.0
url:http://www.securityfocus.com/bid/26486
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6098
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6098
Trust: 0.8
url:http://www.ingate.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-29460 // 
            
            
            
            BID: 26486 // 
            
            
            
            JVNDB: JVNDB-2007-004668 // 
            
            
            
            CNNVD: CNNVD-200711-331 // 
            
            
            
            NVD: CVE-2007-6098

CREDITS
Ingate Systems
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200711-331

SOURCES
db:VULHUBid:VHN-29460
db:BIDid:26486
db:JVNDBid:JVNDB-2007-004668
db:CNNVDid:CNNVD-200711-331
db:NVDid:CVE-2007-6098

LAST UPDATE DATE
2024-11-23T22:03:48.257000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-29460date:2008-11-15T00:00:00
db:BIDid:26486date:2007-12-18T20:06:00
db:JVNDBid:JVNDB-2007-004668date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200711-331date:2007-11-23T00:00:00
db:NVDid:CVE-2007-6098date:2024-11-21T00:39:21.313

SOURCES RELEASE DATE
db:VULHUBid:VHN-29460date:2007-11-22T00:00:00
db:BIDid:26486date:2007-11-16T00:00:00
db:JVNDBid:JVNDB-2007-004668date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200711-331date:2007-11-21T00:00:00
db:NVDid:CVE-2007-6098date:2007-11-22T00:46:00