Vulnerability-Lookup

CVE-2007-3787 (GCVE-0-2007-3787)

Vulnerability from cvelistv5 – Published: 2007-07-15 23:00 – Updated: 2024-08-07 14:28

Summary

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

5 references

URL	Tags
http://labs.calyptix.com/CX-2007-05.php	x_refsource_MISC
http://osvdb.org/38175	vdb-entryx_refsource_OSVDB
http://labs.calyptix.com/CX-2007-05.txt	x_refsource_MISC
http://www.securityfocus.com/archive/1/473663/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/26005	third-party-advisoryx_refsource_SECUNIA

Date Public

2007-07-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.calyptix.com/CX-2007-05.php"
          },
          {
            "name": "38175",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.calyptix.com/CX-2007-05.txt"
          },
          {
            "name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
          },
          {
            "name": "26005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.calyptix.com/CX-2007-05.php"
        },
        {
          "name": "38175",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.calyptix.com/CX-2007-05.txt"
        },
        {
          "name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
        },
        {
          "name": "26005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3787",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://labs.calyptix.com/CX-2007-05.php",
              "refsource": "MISC",
              "url": "http://labs.calyptix.com/CX-2007-05.php"
            },
            {
              "name": "38175",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38175"
            },
            {
              "name": "http://labs.calyptix.com/CX-2007-05.txt",
              "refsource": "MISC",
              "url": "http://labs.calyptix.com/CX-2007-05.txt"
            },
            {
              "name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
            },
            {
              "name": "26005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3787",
    "datePublished": "2007-07-15T23:00:00.000Z",
    "dateReserved": "2007-07-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:28:52.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-3787",
      "date": "2026-06-07",
      "epss": "0.01037",
      "percentile": "0.77768"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23C143C9-B4C9-4AED-8698-3A6BAB40E5B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC5A842-DDBB-4140-8A82-D6E5B5443501\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A374FD80-4BDE-4E07-8E72-C651C42C6C28\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.\"}, {\"lang\": \"es\", \"value\": \"El dispositivo UTM eSoft InstaGate EX2 no requiere la introducci\\u00f3n de una contrase\\u00f1a antigua cuando se cambia la contrase\\u00f1a de administrador, lo cual podr\\u00eda permitir a atacantes remotos, obtener privilegios conduciendo un ataque CSRF, realizando un cambio de contrase\\u00f1a desde una estaci\\u00f3n de trabajo desatendida, u otros ataques.\"}]",
      "id": "CVE-2007-3787",
      "lastModified": "2024-11-21T00:34:03.930",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2007-07-15T23:30:00.000",
      "references": "[{\"url\": \"http://labs.calyptix.com/CX-2007-05.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://labs.calyptix.com/CX-2007-05.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/38175\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26005\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/473663/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.calyptix.com/CX-2007-05.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://labs.calyptix.com/CX-2007-05.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/38175\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/473663/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3787\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-15T23:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.\"},{\"lang\":\"es\",\"value\":\"El dispositivo UTM eSoft InstaGate EX2 no requiere la introducci\u00f3n de una contrase\u00f1a antigua cuando se cambia la contrase\u00f1a de administrador, lo cual podr\u00eda permitir a atacantes remotos, obtener privilegios conduciendo un ataque CSRF, realizando un cambio de contrase\u00f1a desde una estaci\u00f3n de trabajo desatendida, u otros ataques.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23C143C9-B4C9-4AED-8698-3A6BAB40E5B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC5A842-DDBB-4140-8A82-D6E5B5443501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A374FD80-4BDE-4E07-8E72-C651C42C6C28\"}]}]}],\"references\":[{\"url\":\"http://labs.calyptix.com/CX-2007-05.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://labs.calyptix.com/CX-2007-05.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/38175\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/473663/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.calyptix.com/CX-2007-05.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://labs.calyptix.com/CX-2007-05.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/38175\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/473663/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-3787

Vulnerability from fkie_nvd - Published: 2007-07-15 23:30 - Updated: 2026-04-23 00:35

Severity

Summary

References

URL	Tags
cve@mitre.org	http://labs.calyptix.com/CX-2007-05.php	Patch, Vendor Advisory
cve@mitre.org	http://labs.calyptix.com/CX-2007-05.txt	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/38175
cve@mitre.org	http://secunia.com/advisories/26005
cve@mitre.org	http://www.securityfocus.com/archive/1/473663/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://labs.calyptix.com/CX-2007-05.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://labs.calyptix.com/CX-2007-05.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38175
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26005
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473663/100/0/threaded

Impacted products

Vendor	Product	Version
esoft	instagate_ex2_utm	firmware_3.1.20031001
esoft	instagate_ex2_utm	firmware_3.1.20060921
esoft	instagate_ex2_utm	firmware_3.1.20070605

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C143C9-B4C9-4AED-8698-3A6BAB40E5B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC5A842-DDBB-4140-8A82-D6E5B5443501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*",
              "matchCriteriaId": "A374FD80-4BDE-4E07-8E72-C651C42C6C28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
    },
    {
      "lang": "es",
      "value": "El dispositivo UTM eSoft InstaGate EX2 no requiere la introducci\u00f3n de una contrase\u00f1a antigua cuando se cambia la contrase\u00f1a de administrador, lo cual podr\u00eda permitir a atacantes remotos, obtener privilegios conduciendo un ataque CSRF, realizando un cambio de contrase\u00f1a desde una estaci\u00f3n de trabajo desatendida, u otros ataques."
    }
  ],
  "id": "CVE-2007-3787",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-15T23:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.calyptix.com/CX-2007-05.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.calyptix.com/CX-2007-05.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38175"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.calyptix.com/CX-2007-05.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.calyptix.com/CX-2007-05.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P7X8-595F-3WHP

Vulnerability from github – Published: 2022-05-01 18:17 – Updated: 2022-05-01 18:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3787"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-15T23:30:00Z",
    "severity": "HIGH"
  },
  "details": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.",
  "id": "GHSA-p7x8-595f-3whp",
  "modified": "2022-05-01T18:17:17Z",
  "published": "2022-05-01T18:17:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3787"
    },
    {
      "type": "WEB",
      "url": "http://labs.calyptix.com/CX-2007-05.php"
    },
    {
      "type": "WEB",
      "url": "http://labs.calyptix.com/CX-2007-05.txt"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/38175"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-3787

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3787

Aliases

CVE-2007-3787

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3787",
    "description": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.",
    "id": "GSD-2007-3787"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3787"
      ],
      "details": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.",
      "id": "GSD-2007-3787",
      "modified": "2023-12-13T01:21:41.655455Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3787",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://labs.calyptix.com/CX-2007-05.php",
            "refsource": "MISC",
            "url": "http://labs.calyptix.com/CX-2007-05.php"
          },
          {
            "name": "38175",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/38175"
          },
          {
            "name": "http://labs.calyptix.com/CX-2007-05.txt",
            "refsource": "MISC",
            "url": "http://labs.calyptix.com/CX-2007-05.txt"
          },
          {
            "name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
          },
          {
            "name": "26005",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26005"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3787"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://labs.calyptix.com/CX-2007-05.php",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://labs.calyptix.com/CX-2007-05.php"
            },
            {
              "name": "http://labs.calyptix.com/CX-2007-05.txt",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://labs.calyptix.com/CX-2007-05.txt"
            },
            {
              "name": "26005",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26005"
            },
            {
              "name": "38175",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/38175"
            },
            {
              "name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:30Z",
      "publishedDate": "2007-07-15T23:30Z"
    }
  }
}

VAR-200707-0279

Vulnerability from variot - Updated: 2023-12-18 12:12

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: eSoft InstaGate Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID: SA26005

VERIFY ADVISORY: http://secunia.com/advisories/26005/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

OPERATING SYSTEM: eSoft InstaGate http://secunia.com/product/14790/

DESCRIPTION: Daniel Weber has reported a vulnerability in eSoft InstaGate, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused due to the web interface of the device allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited e.g. to change certain settings or to change the administrator's password by enticing a logged-in administrator to visit a malicious site.

The vulnerability is reported in eSoft InstaGate EX2. Other versions may also be affected.

SOLUTION: Update to firmware version 3.1.20070615 or later.

PROVIDED AND/OR DISCOVERED BY: Daniel Weber, Calyptix Security

ORIGINAL ADVISORY: http://labs.calyptix.com/CX-2007-05.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0279",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "esoft",
        "version": "firmware_3.1.20031001"
      },
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "esoft",
        "version": "firmware_3.1.20070605"
      },
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "esoft",
        "version": "firmware_3.1.20060921"
      },
      {
        "model": "instagate ex2 utm",
        "scope": null,
        "trust": 0.8,
        "vendor": "esoft",
        "version": null
      },
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esoft",
        "version": "3.1.2007060"
      },
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esoft",
        "version": "3.1.2006092"
      },
      {
        "model": "instagate ex2 utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esoft",
        "version": "3.1.2003100"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85584"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85584"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3787",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-3787",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-27149",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-3787",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-240",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27149",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. Instagate Ex2 Utm is prone to a denial-of-service vulnerability. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\neSoft InstaGate Cross-Site Request Forgery Vulnerability\n\nSECUNIA ADVISORY ID:\nSA26005\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26005/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\neSoft InstaGate\nhttp://secunia.com/product/14790/\n\nDESCRIPTION:\nDaniel Weber has reported a vulnerability in eSoft InstaGate, which\ncan be exploited by malicious people to conduct cross-site request\nforgery attacks. \n\nThe vulnerability is caused due to the web interface of the device\nallowing users to perform certain actions via HTTP requests without\nperforming any validity checks to verify the request. This can be\nexploited e.g. to change certain settings or to change the\nadministrator\u0027s password by enticing a logged-in administrator to\nvisit a malicious site. \n\nThe vulnerability is reported in eSoft InstaGate EX2. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to firmware version 3.1.20070615 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nDaniel Weber, Calyptix Security\n\nORIGINAL ADVISORY:\nhttp://labs.calyptix.com/CX-2007-05.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "BID",
        "id": "85584"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "db": "PACKETSTORM",
        "id": "57765"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3787",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "26005",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "38175",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070711 CALYPTIX SECURITY ADVISORY CX-2007-05 - ESOFT INSTAGATE EX2 CROSS-SITE REQUEST FORGERY ATTACK",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85584",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-27149",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "db": "BID",
        "id": "85584"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "PACKETSTORM",
        "id": "57765"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "id": "VAR-200707-0279",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:32.381000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.esoft.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://labs.calyptix.com/cx-2007-05.txt"
      },
      {
        "trust": 2.0,
        "url": "http://labs.calyptix.com/cx-2007-05.php"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/38175"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26005"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/473663/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3787"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3787"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26005/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14790/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "db": "BID",
        "id": "85584"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "PACKETSTORM",
        "id": "57765"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "db": "BID",
        "id": "85584"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "db": "PACKETSTORM",
        "id": "57765"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "date": "2007-07-15T00:00:00",
        "db": "BID",
        "id": "85584"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "date": "2007-07-17T01:59:39",
        "db": "PACKETSTORM",
        "id": "57765"
      },
      {
        "date": "2007-07-15T23:30:00",
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "date": "2007-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27149"
      },
      {
        "date": "2007-07-15T00:00:00",
        "db": "BID",
        "id": "85584"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      },
      {
        "date": "2018-10-15T21:30:56.020000",
        "db": "NVD",
        "id": "CVE-2007-3787"
      },
      {
        "date": "2007-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "eSoft InstaGate EX2 UTM Vulnerability to gain privileges on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002353"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-240"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3787 (GCVE-0-2007-3787)

FKIE_CVE-2007-3787

GHSA-P7X8-595F-3WHP

GSD-2007-3787

VAR-200707-0279

Tags

Sightings

Nomenclature