Lucene search

[email protected]CVE-2007-3464

HistoryJun 27, 2007 - 6:30 p.m.

CVE-2007-3464

2007-06-2718:30:00

[email protected]

web.nvd.nist.gov

check point

sofaware

safe@office

firmware

embedded ngx

privilege escalation

csrf

attack

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.9%

JSON

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.

Affected configurations

NVD

Node

sofawaresafe_at_office_500_utmRange≤embedded_ngx_7.0.39_ga

CPENameOperatorVersion
sofaware:safe_at_office_500_utmsofaware safe at office 500 utmleembedded_ngx_7.0.39_ga

CPE	Name	Operator	Version
sofaware:safe_at_office_500_utm	sofaware safe at office 500 utm	le	embedded_ngx_7.0.39_ga

References

labs.calyptix.com/CX-2007-04.php

labs.calyptix.com/CX-2007-04.txt

osvdb.org/37644

www.securityfocus.com/archive/1/472290/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35094

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2007-3464

nvd1 prion1 cvelist1