VAR-200306-0129
Vulnerability from variot - Updated: 2023-12-18 11:41Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. Symantec produces a range of hardware and software firewall products. A number of these products have been reported to have a vulnerability related to the creation of TCP Initial Sequence Numbers (ISNs). Reportedly, vulnerable products will reuse ISN values for connections with the same source and destination IP and port, over a limited time period. An attacker able to gain knowledge of this ISN may spoof new connections from the specified IP address, or inject data into legitimate connections. Remote attackers can use this vulnerability to perform IP spoofing or data insertion attacks on the current connection. The firewall's application-layer protocol inspection technology can prevent session spoofing and hijacking through random TCP initial sequence numbers for new proxy connections. During this time, an attacker can capture the initial TCP handshake of an early session from a legitimate IP
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway security",
"scope": "eq",
"trust": 1.9,
"vendor": "symantec",
"version": "5300"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "7.0"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_1200"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "5110"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_1100"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_1000"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "5200"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_1300"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_700"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "model_500"
},
{
"model": "raptor firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "6.5.2"
},
{
"model": "raptor firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "6.5.3"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "1.5"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "1.1"
},
{
"model": "velociraptor",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "1.0"
},
{
"model": "raptor firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.3"
},
{
"model": "raptor firewall windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "ghost corporate edition",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "52001.0"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "51101.0"
},
{
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0"
},
{
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0"
},
{
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "5387"
},
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:raptor_firewall:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:raptor_firewall:6.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_1200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_1300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_1000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:velociraptor:model_1100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security:5110:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security:5200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security:5300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1463"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kristof Philipsen\u203b kristof.philipsen@ubizen.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1463",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-045",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5848",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5848"
},
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. Symantec produces a range of hardware and software firewall products. A number of these products have been reported to have a vulnerability related to the creation of TCP Initial Sequence Numbers (ISNs). \nReportedly, vulnerable products will reuse ISN values for connections with the same source and destination IP and port, over a limited time period. An attacker able to gain knowledge of this ISN may spoof new connections from the specified IP address, or inject data into legitimate connections. Remote attackers can use this vulnerability to perform IP spoofing or data insertion attacks on the current connection. The firewall\u0027s application-layer protocol inspection technology can prevent session spoofing and hijacking through random TCP initial sequence numbers for new proxy connections. During this time, an attacker can capture the initial TCP handshake of an early session from a legitimate IP",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "BID",
"id": "5387"
},
{
"db": "VULHUB",
"id": "VHN-5848"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5848",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5848"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5387",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1463",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "855",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045",
"trust": 0.7
},
{
"db": "XF",
"id": "12836",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020802 SECURITY ADVISORY: RAPTOR FIREWALL WEAK ISN VULNERABILITY",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "19522",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5848",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5848"
},
{
"db": "BID",
"id": "5387"
},
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"id": "VAR-200306-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5848"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:41:37.847000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5387"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/855"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12836"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/12836"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5848"
},
{
"db": "BID",
"id": "5387"
},
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5848"
},
{
"db": "BID",
"id": "5387"
},
{
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-5848"
},
{
"date": "2002-08-02T00:00:00",
"db": "BID",
"id": "5387"
},
{
"date": "2003-06-09T04:00:00",
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"date": "2002-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5848"
},
{
"date": "2002-08-02T00:00:00",
"db": "BID",
"id": "5387"
},
{
"date": "2017-10-10T01:30:12.813000",
"db": "NVD",
"id": "CVE-2002-1463"
},
{
"date": "2005-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Symantec Product initialization TCP Serial number is not strong enough",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5387"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-045"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…