Lucene search

[email protected]CVE-2007-4422

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4422

2007-08-1821:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4422

symantec

enterprise firewall

vpn

psk

authentication

remote attackers

username enumeration

6.9 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.192 Low

EPSS

Percentile

96.3%

JSON

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Affected configurations

NVD

Node

symantecenterprise_firewallMatch6

CPENameOperatorVersion
symantec:enterprise_firewallsymantec enterprise firewalleq6

CPE	Name	Operator	Version
symantec:enterprise_firewall	symantec enterprise firewall	eq	6

References

secunia.com/advisories/26511

www.osvdb.org/36489

www.securityfocus.com/bid/25338

www.securitytracker.com/id?1018578

www.symantec.com/avcenter/security/Content/2007.08.16.html

www.vupen.com/english/advisories/2007/2909

exchange.xforce.ibmcloud.com/vulnerabilities/36081

6.9 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.192 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-4422

prion1 cvelist1 nvd1