cvelistv5 - CVE-2007-2462

CVE-2007-2462

Vulnerability from cvelistv5

Published

2007-05-02 22:00

Modified

2024-08-07 13:42

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25109
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/210876	US Government Resource
cve@mitre.org	http://www.osvdb.org/35331
cve@mitre.org	http://www.securityfocus.com/bid/23768
cve@mitre.org	http://www.securitytracker.com/id?1017994
cve@mitre.org	http://www.securitytracker.com/id?1017995
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1636
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34020
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25109
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/210876	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35331
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23768
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017994
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017995
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1636
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34020

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:32.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017994",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017994"
          },
          {
            "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
          },
          {
            "name": "VU#210876",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/210876"
          },
          {
            "name": "cisco-asa-ldap-authentication-bypass(34020)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
          },
          {
            "name": "ADV-2007-1636",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1636"
          },
          {
            "name": "1017995",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017995"
          },
          {
            "name": "35331",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/35331"
          },
          {
            "name": "23768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23768"
          },
          {
            "name": "25109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25109"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017994",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017994"
        },
        {
          "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
        },
        {
          "name": "VU#210876",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/210876"
        },
        {
          "name": "cisco-asa-ldap-authentication-bypass(34020)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
        },
        {
          "name": "ADV-2007-1636",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1636"
        },
        {
          "name": "1017995",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017995"
        },
        {
          "name": "35331",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/35331"
        },
        {
          "name": "23768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23768"
        },
        {
          "name": "25109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25109"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017994",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017994"
            },
            {
              "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
            },
            {
              "name": "VU#210876",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/210876"
            },
            {
              "name": "cisco-asa-ldap-authentication-bypass(34020)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
            },
            {
              "name": "ADV-2007-1636",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1636"
            },
            {
              "name": "1017995",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017995"
            },
            {
              "name": "35331",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/35331"
            },
            {
              "name": "23768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23768"
            },
            {
              "name": "25109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25109"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2462",
    "datePublished": "2007-05-02T22:00:00",
    "dateReserved": "2007-05-02T00:00:00",
    "dateUpdated": "2024-08-07T13:42:32.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.2\", \"matchCriteriaId\": \"36B51668-5055-4B10-9E0F-D25C470C9A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4991BC7-B07D-4D8C-885C-136AD9D4E209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.2.2\", \"matchCriteriaId\": \"051F79C8-3058-4926-A533-73F5A269599E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.2 before 7.2(2)8, cuando utilizan Layer 2 Tunneling Protocol (L2TP) o Remote Management Access, permite a atacantes remotos evitar la validaci\\u00f3n LDAP y ganar privilegios a trav\\u00e9s de vectores desconocidos.\"}]",
      "evaluatorSolution": "The vendor has addressed this issue with the following update:\r\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml",
      "id": "CVE-2007-2462",
      "lastModified": "2024-11-21T00:30:50.973",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-05-02T22:19:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/25109\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/210876\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35331\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23768\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017994\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017995\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1636\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34020\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25109\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/210876\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35331\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017995\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2462\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-02T22:19:00.000\",\"lastModified\":\"2024-11-21T00:30:50.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.2 before 7.2(2)8, cuando utilizan Layer 2 Tunneling Protocol (L2TP) o Remote Management Access, permite a atacantes remotos evitar la validaci\u00f3n LDAP y ganar privilegios a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.2\",\"matchCriteriaId\":\"36B51668-5055-4B10-9E0F-D25C470C9A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4991BC7-B07D-4D8C-885C-136AD9D4E209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.2.2\",\"matchCriteriaId\":\"051F79C8-3058-4926-A533-73F5A269599E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/25109\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/210876\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35331\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23768\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017994\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017995\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1636\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34020\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/210876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017995\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"The vendor has addressed this issue with the following update:\\r\\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\"}}"
  }
}

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems information LDAP With authentication PAP (Password Authentication Protocol) There is no effect if is set to use.To a third party LDAP Authentication can be bypassed and unauthorized access to the appliance and internal resources can occur. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. Access to the management session must be explicitly enabled in the device configuration and restricted to defined IP addresses only. This vulnerability is documented in Cisco Bug ID as CSCsh42793.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/

The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.

Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.

3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload.

Successful exploitation requires that clientless SSL is used.

4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device.

Successful exploitation requires that devices are configured to use the DHCP relay agent.

SOLUTION: Apply updated software versions. Please see vendor advisories for details.

PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml

http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html

US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057

OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0566",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.7)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.16)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.15)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.14)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.10)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(1)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.(2.48)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2.5)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.8)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.19)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.17)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.(2.49)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2462",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-2462",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-25824",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2462",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#337508",
            "trust": 0.8,
            "value": "0.70"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#210876",
            "trust": 0.8,
            "value": "2.43"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#530057",
            "trust": 0.8,
            "value": "0.64"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200705-034",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25824",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2007-2462",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems information LDAP With authentication PAP (Password Authentication Protocol) There is no effect if is set to use.To a third party LDAP Authentication can be bypassed and unauthorized access to the appliance and internal resources can occur. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. Access to the management session must be explicitly enabled in the device configuration and restricted to defined IP addresses only. This vulnerability is documented in Cisco Bug ID as CSCsh42793. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. In order to exploit this in IPSec VPN\nconnections, an attacker also needs to know the group name and group\npassword. \n\n3) A race condition within the processing of non-standard SSL\nsessions in the SSL VPN server of Cisco ASA appliances can be\nexploited to cause the device to reload. \n\nSuccessful exploitation requires that clientless SSL is used. \n\n4) An error within the DHCP relay agent when handling DHCPACK\nmessages can be exploited to cause a DoS due to memory exhaustion by\nsending a large number of DHCP requests to a vulnerable device. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      }
    ],
    "trust": 4.32
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#210876",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "23768",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "25109",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "35331",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1017994",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1017995",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1636",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "34020",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#337508",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2007/1636",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56436",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "id": "VAR-200705-0566",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:35:24.146000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070502-asa",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.kb.cert.org/vuls/id/210876"
      },
      {
        "trust": 2.6,
        "url": "http://www.osvdb.org/35331"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/23768"
      },
      {
        "trust": 2.6,
        "url": "http://www.securitytracker.com/id?1017994"
      },
      {
        "trust": 2.6,
        "url": "http://www.securitytracker.com/id?1017995"
      },
      {
        "trust": 2.4,
        "url": "http://www.cisco.com/en/us/products/ps6120/index.html"
      },
      {
        "trust": 2.4,
        "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/25109"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/1636"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/34020"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2007/1636"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
      },
      {
        "trust": 0.9,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/25109/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/110/webvpnasa.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2462"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2462"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/467385"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/337508"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/530057"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6115/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "BID",
        "id": "23768"
      },
      {
        "date": "2007-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "date": "2007-05-04T05:48:13",
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "date": "2007-05-02T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "date": "2007-06-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "date": "2007-05-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25824"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-2462"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23768"
      },
      {
        "date": "2007-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000335"
      },
      {
        "date": "2023-08-11T19:02:04.560000",
        "db": "NVD",
        "id": "CVE-2007-2462"
      },
      {
        "date": "2007-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASA clientless SSL VPN denial of service vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-034"
      }
    ],
    "trust": 0.6
  }
}

CVE-2007-2462

Vulnerability from fkie_nvd

Published

2007-05-02 22:19

Modified

2024-11-21 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25109
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/210876	US Government Resource
cve@mitre.org	http://www.osvdb.org/35331
cve@mitre.org	http://www.securityfocus.com/bid/23768
cve@mitre.org	http://www.securitytracker.com/id?1017994
cve@mitre.org	http://www.securitytracker.com/id?1017995
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1636
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34020
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25109
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/210876	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35331
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23768
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017994
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017995
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1636
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34020

Impacted products

Vendor	Product	Version
cisco	pix	*
cisco	pix	7.1
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B51668-5055-4B10-9E0F-D25C470C9A80",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "051F79C8-3058-4926-A533-73F5A269599E",
              "versionEndIncluding": "7.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.2 before 7.2(2)8, cuando utilizan Layer 2 Tunneling Protocol (L2TP) o Remote Management Access, permite a atacantes remotos evitar la validaci\u00f3n LDAP y ganar privilegios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "evaluatorSolution": "The vendor has addressed this issue with the following update:\r\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml",
  "id": "CVE-2007-2462",
  "lastModified": "2024-11-21T00:30:50.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-02T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/210876"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/35331"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017994"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017995"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/210876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/35331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-2462

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2462

Aliases

CVE-2007-2462

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2462",
    "description": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.",
    "id": "GSD-2007-2462"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2462"
      ],
      "details": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.",
      "id": "GSD-2007-2462",
      "modified": "2023-12-13T01:21:37.422287Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2462",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017994",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017994"
          },
          {
            "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
          },
          {
            "name": "VU#210876",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/210876"
          },
          {
            "name": "cisco-asa-ldap-authentication-bypass(34020)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
          },
          {
            "name": "ADV-2007-1636",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1636"
          },
          {
            "name": "1017995",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017995"
          },
          {
            "name": "35331",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/35331"
          },
          {
            "name": "23768",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23768"
          },
          {
            "name": "25109",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25109"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2462"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
            },
            {
              "name": "VU#210876",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/210876"
            },
            {
              "name": "23768",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23768"
            },
            {
              "name": "1017994",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017994"
            },
            {
              "name": "1017995",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017995"
            },
            {
              "name": "25109",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25109"
            },
            {
              "name": "35331",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/35331"
            },
            {
              "name": "ADV-2007-1636",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1636"
            },
            {
              "name": "cisco-asa-ldap-authentication-bypass(34020)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-08-11T19:02Z",
      "publishedDate": "2007-05-02T22:19Z"
    }
  }
}

ghsa-4r3r-6x3m-vw6j

Vulnerability from github

Published

2022-05-01 18:03

Modified

2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2462"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-02T22:19:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.",
  "id": "GHSA-4r3r-6x3m-vw6j",
  "modified": "2022-05-01T18:03:55Z",
  "published": "2022-05-01T18:03:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2462"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/210876"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/35331"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017994"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017995"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2462

Vulnerability from cvelistv5

var-200705-0566

Vulnerability from variot

CVE-2007-2462

Vulnerability from fkie_nvd

gsd-2007-2462

Vulnerability from gsd

ghsa-4r3r-6x3m-vw6j

Vulnerability from github

Tags

Sightings

Nomenclature