History: Aug 18, 2007 - 9:17 p.m.

CVE-2007-4422

2007-08-18 21:17:00
web.nvd.nist.gov
cve-2007-4422
symantec
enterprise firewall
vpn
psk
authentication
remote attackers
username enumeration

CVSS2: 9.3 High

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.9 Medium (Confidence: Low)

EPSS: 0.463 Medium (Percentile: 97.4%)

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Affected configurations

NVD
Node: symantec enterprise_firewall (Match: 6)
