cvelistv5 - cve-2004-1474

CVE-2004-1474 (GCVE-0-2004-1474)

Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/12635	third-party-advisoryx_refsource_SECUNIA
	http://securityresponse.symantec.com/avcenter/sec…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/173910	third-party-advisoryx_refsource_CERT-VN
	http://marc.info/?l=bugtraq&m=109588376426070&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/10206	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/11237	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:53:24.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
          },
          {
            "name": "VU#173910",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/173910"
          },
          {
            "name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
          },
          {
            "name": "10206",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10206"
          },
          {
            "name": "symantec-default-snmp(17471)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
          },
          {
            "name": "11237",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
        },
        {
          "name": "VU#173910",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/173910"
        },
        {
          "name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
        },
        {
          "name": "10206",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10206"
        },
        {
          "name": "symantec-default-snmp(17471)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
        },
        {
          "name": "11237",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12635"
            },
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
              "refsource": "CONFIRM",
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
            },
            {
              "name": "VU#173910",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/173910"
            },
            {
              "name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
            },
            {
              "name": "10206",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10206"
            },
            {
              "name": "symantec-default-snmp(17471)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
            },
            {
              "name": "11237",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1474",
    "datePublished": "2005-02-13T05:00:00",
    "dateReserved": "2005-02-13T00:00:00",
    "dateUpdated": "2024-08-08T00:53:24.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5851263-81A6-40AE-8486-E919D5279CC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E0D3199-365E-4D26-8D23-6492832EF096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5081F382-CC20-4C7B-A3F8-08FAF31012D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"391E553B-0A8C-4934-8B7C-DD6C0F9FF1A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEDE5E45-0984-4F8B-8FCE-52E0FBA3DEEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0896A267-AE1E-47C1-9C75-67A238727F45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EACDC99-3B80-47D8-8BC4-A21CA0BC234B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99238614-0234-4550-84FB-8B1C7B8CE1E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"380A5A63-588D-4427-A513-147841B3FB57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF31AD20-099E-4323-AE18-40C52878454A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9707BBB-8095-451D-80C7-BAC923BCB786\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D072C1C-FC87-4986-9320-EFD9F58F192C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.\"}]",
      "id": "CVE-2004-1474",
      "lastModified": "2024-11-20T23:50:58.637",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2004-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/12635\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/173910\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/10206\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/11237\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17471\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/12635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/173910\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/10206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/11237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-1474\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5851263-81A6-40AE-8486-E919D5279CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0D3199-365E-4D26-8D23-6492832EF096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5081F382-CC20-4C7B-A3F8-08FAF31012D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391E553B-0A8C-4934-8B7C-DD6C0F9FF1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEDE5E45-0984-4F8B-8FCE-52E0FBA3DEEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0896A267-AE1E-47C1-9C75-67A238727F45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EACDC99-3B80-47D8-8BC4-A21CA0BC234B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99238614-0234-4550-84FB-8B1C7B8CE1E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"380A5A63-588D-4427-A513-147841B3FB57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF31AD20-099E-4323-AE18-40C52878454A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9707BBB-8095-451D-80C7-BAC923BCB786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D072C1C-FC87-4986-9320-EFD9F58F192C\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/12635\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/173910\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/10206\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11237\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17471\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/12635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/173910\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/10206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-FGQ9-GGR2-VG42

Vulnerability from github – Published: 2022-04-29 02:59 – Updated: 2022-04-29 02:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-1474"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.",
  "id": "GHSA-fgq9-ggr2-vg42",
  "modified": "2022-04-29T02:59:39Z",
  "published": "2022-04-29T02:59:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1474"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/12635"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/173910"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/10206"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200412-0171

Vulnerability from variot - Updated: 2023-12-18 12:13

Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file. These issues are due to a failure of the application to handle exceptional conditions, a default configuration issue exists as well. An attacker can leverage a denial of service issue to cause the affected appliance to stop responding, requiring a power off to bring the device back to functionality. A filter bypass issue allows an attacker to bypass the filters on the 'tftpd', 'snmpd', and 'isakmp' services. An attacker can also read and write the community string of the affected device by default, facilitating disclosure and altering of the device's settings. Symantec Nexland legacy firewall appliances are also affected by these issues. Symantec Enterprise Firewall/VPN is an enterprise-level firewall/VPN system. Firewalls have default read/write public strings that allow attackers to collect and change firewall configurations. By combining other vulnerabilities, an attacker can send SNMP GET/SET requests to the WAN interface

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0171",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland pro400 firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "firewall vpn appliance 200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "gateway security 360",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland wavebase firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "gateway security 360r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "gateway security 320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland isb soho firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "firewall vpn appliance 100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland pro800 firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "firewall vpn appliance 200r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland pro800turbo firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland pro100 firewall appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "nexland wavebase firewall appliance",
        "scope": null,
        "trust": 0.9,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland pro400 firewall appliance",
        "scope": null,
        "trust": 0.9,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland pro100 firewall appliance",
        "scope": null,
        "trust": 0.9,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland isb soho firewall appliance",
        "scope": null,
        "trust": 0.9,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "gateway security 360r",
        "scope": null,
        "trust": 0.9,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "gateway security 360",
        "scope": null,
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "firewall vpn appliance 200r",
        "scope": null,
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "firewall vpn appliance 100",
        "scope": null,
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "gateway security 320",
        "scope": null,
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "firewall vpn appliance 200",
        "scope": null,
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland pro800turbo firewall appliance",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "nexland pro800 firewall appliance",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "gateway security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "360"
      },
      {
        "model": "gateway security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "320"
      },
      {
        "model": "firewall/vpn appliance 200r",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "firewall/vpn appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "200"
      },
      {
        "model": "firewall/vpn appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "100"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "BID",
        "id": "11237"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mike Sues\u203b msues@rigelksecurity.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-1474",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-9904",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-1474",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#441078",
            "trust": 0.8,
            "value": "5.78"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#329230",
            "trust": 0.8,
            "value": "6.06"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#173910",
            "trust": 0.8,
            "value": "15.59"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-1133",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9904",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.  These issues are due to a failure of the application to handle exceptional conditions, a default configuration issue exists as well. \nAn attacker can leverage a denial of service issue to cause the affected appliance to stop responding, requiring a power off to bring the device back to functionality.  A filter bypass issue allows an attacker to bypass the filters on the \u0027tftpd\u0027, \u0027snmpd\u0027, and \u0027isakmp\u0027 services.  An attacker can also read and write the community string of the affected device by default, facilitating disclosure and altering of the device\u0027s settings. \nSymantec Nexland legacy firewall appliances are also affected by these issues. Symantec Enterprise Firewall/VPN is an enterprise-level firewall/VPN system. Firewalls have default read/write public strings that allow attackers to collect and change firewall configurations. By combining other vulnerabilities, an attacker can send SNMP GET/SET requests to the WAN interface",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "BID",
        "id": "11237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11237",
        "trust": 4.4
      },
      {
        "db": "SECUNIA",
        "id": "12635",
        "trust": 4.1
      },
      {
        "db": "OSVDB",
        "id": "10206",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1011389",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1011388",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#441078",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "6941",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "6943",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "6943\u203b6942\u203b6941",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "6942",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040922 MULTIPLE VULNERABILITIES IN SYMANTEC ENTERPRISE FIREWALL/GATEWAY SECURITY PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "17471",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "db": "BID",
        "id": "11237"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "id": "VAR-200412-0171",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:44.861000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.1,
        "url": "http://www.securityfocus.com/bid/11237"
      },
      {
        "trust": 2.4,
        "url": "http://www.sarc.com/avcenter/security/content/2004.09.22.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.rigelksecurity.com/services/svcs_sec_advis.html"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/12635/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/alerts/2004/sep/1011389.html"
      },
      {
        "trust": 2.0,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2004.09.22.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.kb.cert.org/vuls/id/173910"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/10206"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12635"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/alerts/2004/sep/1011388.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=10206"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109588376426070\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/17471"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/6943\u203b6942\u203b6941"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/techsupp"
      },
      {
        "trust": 0.3,
        "url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=133\u0026eid=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/376029"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=109588376426070\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "db": "BID",
        "id": "11237"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "db": "BID",
        "id": "11237"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "date": "2004-09-22T00:00:00",
        "db": "BID",
        "id": "11237"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "date": "2004-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#441078"
      },
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#329230"
      },
      {
        "date": "2004-10-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#173910"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9904"
      },
      {
        "date": "2004-09-22T00:00:00",
        "db": "BID",
        "id": "11237"
      },
      {
        "date": "2017-07-11T01:31:03.917000",
        "db": "NVD",
        "id": "CVE-2004-1474"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#441078"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1133"
      }
    ],
    "trust": 0.6
  }
}

GSD-2004-1474

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-1474

Aliases

CVE-2004-1474

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-1474",
    "description": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.",
    "id": "GSD-2004-1474"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-1474"
      ],
      "details": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file.",
      "id": "GSD-2004-1474",
      "modified": "2023-12-13T01:22:56.054516Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-1474",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "12635",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/12635"
          },
          {
            "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
            "refsource": "CONFIRM",
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
          },
          {
            "name": "VU#173910",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/173910"
          },
          {
            "name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
          },
          {
            "name": "10206",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/10206"
          },
          {
            "name": "symantec-default-snmp(17471)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
          },
          {
            "name": "11237",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11237"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1474"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
            },
            {
              "name": "VU#173910",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/173910"
            },
            {
              "name": "11237",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/11237"
            },
            {
              "name": "10206",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/10206"
            },
            {
              "name": "12635",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/12635"
            },
            {
              "name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
            },
            {
              "name": "symantec-default-snmp(17471)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:31Z",
      "publishedDate": "2004-12-31T05:00Z"
    }
  }
}

FKIE_CVE-2004-1474

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=109588376426070&w=2
cve@mitre.org	http://secunia.com/advisories/12635
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/173910	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.osvdb.org/10206
cve@mitre.org	http://www.securityfocus.com/bid/11237	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17471
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109588376426070&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12635
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/173910	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/10206
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11237	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17471

Impacted products

Vendor	Product	Version
symantec	firewall_vpn_appliance_100	*
symantec	firewall_vpn_appliance_200	*
symantec	firewall_vpn_appliance_200r	*
symantec	gateway_security_320	*
symantec	gateway_security_360	*
symantec	gateway_security_360r	*
symantec	nexland_isb_soho_firewall_appliance	*
symantec	nexland_pro100_firewall_appliance	*
symantec	nexland_pro400_firewall_appliance	*
symantec	nexland_pro800_firewall_appliance	*
symantec	nexland_pro800turbo_firewall_appliance	*
symantec	nexland_wavebase_firewall_appliance	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5851263-81A6-40AE-8486-E919D5279CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E0D3199-365E-4D26-8D23-6492832EF096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:firewall_vpn_appliance_200r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5081F382-CC20-4C7B-A3F8-08FAF31012D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:gateway_security_320:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "391E553B-0A8C-4934-8B7C-DD6C0F9FF1A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:gateway_security_360:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE5E45-0984-4F8B-8FCE-52E0FBA3DEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:gateway_security_360r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0896A267-AE1E-47C1-9C75-67A238727F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EACDC99-3B80-47D8-8BC4-A21CA0BC234B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_pro100_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99238614-0234-4550-84FB-8B1C7B8CE1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_pro400_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "380A5A63-588D-4427-A513-147841B3FB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_pro800_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF31AD20-099E-4323-AE18-40C52878454A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9707BBB-8095-451D-80C7-BAC923BCB786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D072C1C-FC87-4986-9320-EFD9F58F192C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall\u0027s configuration file."
    }
  ],
  "id": "CVE-2004-1474",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12635"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/173910"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10206"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11237"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109588376426070\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/173910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-1474 (GCVE-0-2004-1474)

GHSA-FGQ9-GGR2-VG42

VAR-200412-0171

GSD-2004-1474

FKIE_CVE-2004-1474

Tags

Sightings

Nomenclature