Lucene search

[email protected]NVD:CVE-2002-1979

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1979

2002-12-3105:00:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.0%

JSON

WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.

Affected configurations

Nvd

Node

watchguardlegacy_rssaRange≤3.2_sp1

watchguardsohoRange≤5.1.6

watchguardvclassRange≤3.2_sp1

VendorProductVersionCPE
watchguardlegacy_rssa*cpe:2.3:h:watchguard:legacy_rssa:*:*:*:*:*:*:*:*
watchguardsoho*cpe:2.3:h:watchguard:soho:*:*:*:*:*:*:*:*
watchguardvclass*cpe:2.3:h:watchguard:vclass:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
watchguard	legacy_rssa	*	cpe:2.3:h:watchguard:legacy_rssa::::::::
watchguard	soho	*	cpe:2.3:h:watchguard:soho::::::::
watchguard	vclass	*	cpe:2.3:h:watchguard:vclass::::::::

References

www.kb.cert.org/vuls/id/328867

www.kb.cert.org/vuls/id/AAMN-5EQR65

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.0%

JSON

Related for NVD:CVE-2002-1979

cvelist1 cve1