CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

AI Score
Confidence: High

EPSS
Percentile: 94.2%

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Vendor | Product | Version | CPE |
---|---|---|---|
finjan_software | surfingate | 6.0 | cpe:2.3:a:finjan_software:surfingate:6.0:*:*:*:*:*:*:* |
finjan_software | surfingate | 6.0_1 | cpe:2.3:a:finjan_software:surfingate:6.0_1:*:*:*:*:*:*:* |
finjan_software | surfingate | 6.0_5 | cpe:2.3:a:finjan_software:surfingate:6.0_5:*:*:*:*:*:*:* |
finjan_software | surfingate | 7.0 | cpe:2.3:a:finjan_software:surfingate:7.0:*:*:*:*:*:*:* |