VAR-200203-0082
Vulnerability from variot - Updated: 2023-12-18 13:31Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. Avirt Gateway Suite is a product combining the functionality of Avirt Gateway and Avirt Mail. It is designed as a single solution for collection of client machines sharing a single internet connection. It is available for the Microsoft Windows operating system. By default, a telnet proxy server accepts connections from a configured, accepted IP address range. Any user may connect and browse the server file system or gain access to a command prompt. By default, the server runs with SYSTEM privileges. The software package contains a telnet proxy program, which listens to port 23 by default
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200203-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway suite",
"scope": "eq",
"trust": 1.9,
"vendor": "avirt",
"version": "4.2"
},
{
"model": "gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "avirt",
"version": "4.2"
}
],
"sources": [
{
"db": "BID",
"id": "3901"
},
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:avirt:avirt_gateway_suite:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0134"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Strumpf Noir Society\u203b vuln-dev@labs.secureance.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0134",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4529",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0134",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200203-077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4529",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4529"
},
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a \"dos\" command. Avirt Gateway Suite is a product combining the functionality of Avirt Gateway and Avirt Mail. It is designed as a single solution for collection of client machines sharing a single internet connection. It is available for the Microsoft Windows operating system. \nBy default, a telnet proxy server accepts connections from a configured, accepted IP address range. Any user may connect and browse the server file system or gain access to a command prompt. By default, the server runs with SYSTEM privileges. The software package contains a telnet proxy program, which listens to port 23 by default",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "BID",
"id": "3901"
},
{
"db": "VULHUB",
"id": "VHN-4529"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3901",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0134",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077",
"trust": 0.7
},
{
"db": "XF",
"id": "7915",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020117 AVIRT GATEWAY SUITE REMOTE SYSTEM LEVEL COMPROMISE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020220 AVIRT 4.2 QUESTION",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4529",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4529"
},
{
"db": "BID",
"id": "3901"
},
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"id": "VAR-200203-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4529"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:31:07.274000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0134"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3901"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7915.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=101131669102843\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=101424723728817\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101424723728817\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101131669102843\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.avirt.com/index.html"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=101131669102843\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=101424723728817\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4529"
},
{
"db": "BID",
"id": "3901"
},
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4529"
},
{
"db": "BID",
"id": "3901"
},
{
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-4529"
},
{
"date": "2002-01-17T00:00:00",
"db": "BID",
"id": "3901"
},
{
"date": "2002-03-25T05:00:00",
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"date": "2002-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-4529"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "3901"
},
{
"date": "2016-10-18T02:16:27.237000",
"db": "NVD",
"id": "CVE-2002-0134"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Avirt Gateway Suite telnet Agent remote execution arbitrary command vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "3901"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-077"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…