cvelistv5 - cve-2007-6273

CVE-2007-6273 (GCVE-0-2007-6273)

Vulnerability from cvelistv5 – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.sec-consult.com/305.html	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=119678272603064&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/26689	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1019038	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/4094	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/27917	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/305.html"
          },
          {
            "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
          },
          {
            "name": "26689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26689"
          },
          {
            "name": "1019038",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019038"
          },
          {
            "name": "ADV-2007-4094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4094"
          },
          {
            "name": "27917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27917"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-12T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/305.html"
        },
        {
          "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
        },
        {
          "name": "26689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26689"
        },
        {
          "name": "1019038",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019038"
        },
        {
          "name": "ADV-2007-4094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4094"
        },
        {
          "name": "27917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27917"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sec-consult.com/305.html",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/305.html"
            },
            {
              "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
            },
            {
              "name": "26689",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26689"
            },
            {
              "name": "1019038",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019038"
            },
            {
              "name": "ADV-2007-4094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4094"
            },
            {
              "name": "27917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27917"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6273",
    "datePublished": "2007-12-07T11:00:00",
    "dateReserved": "2007-12-07T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70492A61-47AC-466F-B480-57C9264B171A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3102BE7-A101-4C8E-9085-54B66A245F49\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810.  Permite que atacantes remotos ejecuten c\\u00f3digo a su elecci\\u00f3n, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection. \\r\\nNOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los l\\u00edmites establecidos por los privilegios.\"}]",
      "id": "CVE-2007-6273",
      "lastModified": "2024-11-21T00:39:45.130",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-12-07T11:46:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/27917\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.sec-consult.com/305.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/26689\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019038\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4094\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/27917\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.sec-consult.com/305.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/26689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019038\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6273\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-07T11:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810.  Permite que atacantes remotos ejecuten c\u00f3digo a su elecci\u00f3n, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection. \\r\\nNOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los l\u00edmites establecidos por los privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70492A61-47AC-466F-B480-57C9264B171A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3102BE7-A101-4C8E-9085-54B66A245F49\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/27917\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.sec-consult.com/305.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/26689\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019038\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4094\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/27917\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.sec-consult.com/305.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/26689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-6273

Vulnerability from fkie_nvd - Published: 2007-12-07 11:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=119678272603064&w=2	Exploit
cve@mitre.org	http://secunia.com/advisories/27917	Vendor Advisory
cve@mitre.org	http://www.sec-consult.com/305.html	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/26689	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019038
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4094
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119678272603064&w=2	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27917	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.sec-consult.com/305.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26689	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019038
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4094

Impacted products

	Vendor	Product	Version
	sonicwall	global_vpn_client	3.1.556
	sonicwall	global_vpn_client	4.0.0.810

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*",
              "matchCriteriaId": "70492A61-47AC-466F-B480-57C9264B171A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3102BE7-A101-4C8E-9085-54B66A245F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810.  Permite que atacantes remotos ejecuten c\u00f3digo a su elecci\u00f3n, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection. \r\nNOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los l\u00edmites establecidos por los privilegios."
    }
  ],
  "id": "CVE-2007-6273",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-07T11:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27917"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-consult.com/305.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26689"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-consult.com/305.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4094"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQJJ-F8W5-HJ73

Vulnerability from github – Published: 2022-05-01 18:41 – Updated: 2022-05-01 18:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-07T11:46:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.",
  "id": "GHSA-mqjj-f8w5-hj73",
  "modified": "2022-05-01T18:41:12Z",
  "published": "2022-05-01T18:41:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6273"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27917"
    },
    {
      "type": "WEB",
      "url": "http://www.sec-consult.com/305.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26689"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019038"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-6273

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6273

Aliases

CVE-2007-6273

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6273",
    "description": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.",
    "id": "GSD-2007-6273"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6273"
      ],
      "details": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.",
      "id": "GSD-2007-6273",
      "modified": "2023-12-13T01:21:39.219853Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6273",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.sec-consult.com/305.html",
            "refsource": "MISC",
            "url": "http://www.sec-consult.com/305.html"
          },
          {
            "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
          },
          {
            "name": "26689",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26689"
          },
          {
            "name": "1019038",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019038"
          },
          {
            "name": "ADV-2007-4094",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4094"
          },
          {
            "name": "27917",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27917"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6273"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
            },
            {
              "name": "http://www.sec-consult.com/305.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.sec-consult.com/305.html"
            },
            {
              "name": "26689",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/26689"
            },
            {
              "name": "27917",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27917"
            },
            {
              "name": "1019038",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019038"
            },
            {
              "name": "ADV-2007-4094",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4094"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-03-08T03:02Z",
      "publishedDate": "2007-12-07T11:46Z"
    }
  }
}

VAR-200712-0158

Vulnerability from variot - Updated: 2023-12-18 13:15

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

The vulnerability is caused due to a format-string error when processing a VPN configuration file. This can be exploited by e.g.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 3.1.0.556 and also reported in version 4.0.0.810. Other versions may also be affected.

SOLUTION: The vendor has reportedly issued version 4.0.0.830, which fixes the vulnerability.

PROVIDED AND/OR DISCOVERED BY: Discovered by lofi42 and reported via SEC Consult.

ORIGINAL ADVISORY: SEC Consult (20071204-0): http://www.sec-consult.com/305.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0158",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "global vpn client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sonicwall",
        "version": "3.1.556"
      },
      {
        "model": "global vpn client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sonicwall",
        "version": "4.0.0.810"
      },
      {
        "model": "global vpn client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": "3.1.556 and  4.0.0.810"
      },
      {
        "model": "global vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.782"
      },
      {
        "model": "global vpn client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.830"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bernhard Mueller research@sec-consult.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-6273",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-29635",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-6273",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200712-082",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-29635",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. \nSuccessfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. \nVersions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nThe vulnerability is caused due to a format-string error when\nprocessing a VPN configuration file. This can be exploited by e.g. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is confirmed in version 3.1.0.556 and also reported\nin version 4.0.0.810. Other versions may also be affected. \n\nSOLUTION:\nThe vendor has reportedly issued version 4.0.0.830, which fixes the\nvulnerability. \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered by lofi42 and reported via SEC Consult. \n\nORIGINAL ADVISORY:\nSEC Consult (20071204-0):\nhttp://www.sec-consult.com/305.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "BID",
        "id": "26689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "db": "PACKETSTORM",
        "id": "61494"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-29635",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6273",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26689",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27917",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019038",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4094",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20071204 SEC CONSULT SA-20071204-0 :: SONICWALL GLOBAL VPN CLIENT FORMAT",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "11231",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84204",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30840",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-29635",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61494",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "db": "BID",
        "id": "26689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "PACKETSTORM",
        "id": "61494"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "id": "VAR-200712-0158",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:39.129000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GLobal VPN Client",
        "trust": 0.8,
        "url": "http://www.vpn-technology.com/datasheets/global_vpn_client.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.sec-consult.com/305.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26689"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019038"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27917"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/4094"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6273"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6273"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4094"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11231"
      },
      {
        "trust": 0.3,
        "url": "http://www.vpn-technology.com/datasheets/global_vpn_client.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=119678272603064\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16784/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27917/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16783/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "db": "BID",
        "id": "26689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "PACKETSTORM",
        "id": "61494"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "db": "BID",
        "id": "26689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "db": "PACKETSTORM",
        "id": "61494"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "date": "2007-12-04T00:00:00",
        "db": "BID",
        "id": "26689"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "date": "2007-12-06T03:48:33",
        "db": "PACKETSTORM",
        "id": "61494"
      },
      {
        "date": "2007-12-07T11:46:00",
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "date": "2007-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29635"
      },
      {
        "date": "2007-12-13T20:22:00",
        "db": "BID",
        "id": "26689"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      },
      {
        "date": "2011-03-08T03:02:18.597000",
        "db": "NVD",
        "id": "CVE-2007-6273"
      },
      {
        "date": "2007-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWALL GLobal VPN Client Format string vulnerability in configuration files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-006406"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-082"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6273 (GCVE-0-2007-6273)

FKIE_CVE-2007-6273

GHSA-MQJJ-F8W5-HJ73

GSD-2007-6273

VAR-200712-0158

Tags

Sightings

Nomenclature