Search criteria
18 vulnerabilities found for firewall_vpn_appliance_200r by symantec
CVE-2002-1937 (GCVE-0-2002-1937)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator\u0027s MAC address inside the firewall\u0027s configuration, which allows remote attackers to spoof the administrator\u0027s MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator\u0027s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator\u0027s MAC address inside the firewall\u0027s configuration, which allows remote attackers to spoof the administrator\u0027s MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator\u0027s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1937",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T16:38:24.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0618 (GCVE-0-2005-0618)
Vulnerability from cvelistv5 – Published: 2005-03-02 05:00 – Updated: 2024-08-07 21:21
VLAI?
Summary
The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:38:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14428"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0618",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-03-02T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1472 (GCVE-0-2004-1472)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1472",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1473 (GCVE-0-2004-1473)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-udp-obtain-info(17470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-udp-obtain-info(17470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-udp-obtain-info(17470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/329230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1473",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1474 (GCVE-0-2004-1474)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1474",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0190 (GCVE-0-2004-0190)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator\u0027s local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator\u0027s local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0190",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1937 (GCVE-0-2002-1937)
Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator\u0027s MAC address inside the firewall\u0027s configuration, which allows remote attackers to spoof the administrator\u0027s MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator\u0027s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator\u0027s MAC address inside the firewall\u0027s configuration, which allows remote attackers to spoof the administrator\u0027s MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator\u0027s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021022 Re: Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"name": "firewallvpn-arp-mitm(10442)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"name": "20021022 Sniffing Administrator\u0027s Password in Symantec Firewall/VPN Appliance V. 200R",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1937",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T16:38:24.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0618 (GCVE-0-2005-0618)
Vulnerability from nvd – Published: 2005-03-02 05:00 – Updated: 2024-08-07 21:21
VLAI?
Summary
The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:38:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14428"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0618",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-03-02T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1472 (GCVE-0-2004-1472)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "symantec-firewallvpn-udp-dos(17469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"name": "VU#441078",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10204",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1472",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1473 (GCVE-0-2004-1473)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-udp-obtain-info(17470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-udp-obtain-info(17470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-udp-obtain-info(17470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"name": "10205",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10205"
},
{
"name": "VU#329230",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/329230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1473",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1474 (GCVE-0-2004-1474)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12635"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"name": "VU#173910",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"name": "10206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1474",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0190 (GCVE-0-2004-0190)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator\u0027s local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator\u0027s local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"name": "9784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0190",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2005-0618
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nexland | pro800turbo | * | |
| symantec | firewall_vpn_appliance_200r | * | |
| symantec | gateway_security_360 | * | |
| symantec | gateway_security_460 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nexland:pro800turbo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E82EF14-BA0E-4F60-AC5F-25EAEF6584E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "648415B3-30CB-4712-95C4-ECB81405D75D",
"versionEndIncluding": "857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_460:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB952E4C-BE4C-430E-80D2-711C25B781E8",
"versionEndIncluding": "857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network."
}
],
"id": "CVE-2005-0618",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14428"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.02.28.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1472
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security:320:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFC0BF4-56EE-414C-8D45-3D2ACCBDC03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security:360:*:*:*:*:*:*:*",
"matchCriteriaId": "6B786C20-6C40-4DBE-AC24-D8B8E98FD6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security:360r:*:*:*:*:*:*:*",
"matchCriteriaId": "38F65C12-9866-423F-8E59-FE905FE79043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EACDC99-3B80-47D8-8BC4-A21CA0BC234B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99238614-0234-4550-84FB-8B1C7B8CE1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380A5A63-588D-4427-A513-147841B3FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF31AD20-099E-4323-AE18-40C52878454A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9707BBB-8095-451D-80C7-BAC923BCB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D072C1C-FC87-4986-9320-EFD9F58F192C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface."
}
],
"id": "CVE-2004-1472",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10204"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/441078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1473
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391E553B-0A8C-4934-8B7C-DD6C0F9FF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDE5E45-0984-4F8B-8FCE-52E0FBA3DEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0896A267-AE1E-47C1-9C75-67A238727F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EACDC99-3B80-47D8-8BC4-A21CA0BC234B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99238614-0234-4550-84FB-8B1C7B8CE1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380A5A63-588D-4427-A513-147841B3FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF31AD20-099E-4323-AE18-40C52878454A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9707BBB-8095-451D-80C7-BAC923BCB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D072C1C-FC87-4986-9320-EFD9F58F192C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53."
}
],
"id": "CVE-2004-1473",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10205"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/329230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1474
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391E553B-0A8C-4934-8B7C-DD6C0F9FF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDE5E45-0984-4F8B-8FCE-52E0FBA3DEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0896A267-AE1E-47C1-9C75-67A238727F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EACDC99-3B80-47D8-8BC4-A21CA0BC234B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99238614-0234-4550-84FB-8B1C7B8CE1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380A5A63-588D-4427-A513-147841B3FB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF31AD20-099E-4323-AE18-40C52878454A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9707BBB-8095-451D-80C7-BAC923BCB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D072C1C-FC87-4986-9320-EFD9F58F192C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
}
],
"id": "CVE-2004-1474",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/173910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0190
Vulnerability from fkie_nvd - Published: 2004-03-15 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | firewall_vpn_appliance_100 | * | |
| symantec | firewall_vpn_appliance_200 | * | |
| symantec | firewall_vpn_appliance_200r | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator\u0027s local system or in a proxy, which allows attackers to steal the password and gain privileges."
},
{
"lang": "es",
"value": "Symantec FireWall/VPN Appliance model 200 registra la contrase\u00f1a de la p\u00e1gina de administraci\u00f3n en texto claro, que puede ser guardad en cach\u00e9 en el sistema local del administrador o en un proxy, lo que podr\u00eda permitir a atacantes robar la contrase\u00f1a y ganar privilegios."
}
],
"id": "CVE-2004-0190",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4117"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107694794031839\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1937
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | firewall_vpn_appliance_100 | * | |
| symantec | firewall_vpn_appliance_200 | * | |
| symantec | firewall_vpn_appliance_200r | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator\u0027s MAC address inside the firewall\u0027s configuration, which allows remote attackers to spoof the administrator\u0027s MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator\u0027s password."
}
],
"id": "CVE-2002-1937",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10442.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10442.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}