Lucene search

[email protected]NVD:CVE-2007-3464

HistoryJun 27, 2007 - 6:30 p.m.

CVE-2007-3464

2007-06-2718:30:00

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.

Affected configurations

Nvd

Node

sofawaresafe_at_office_500_utmRange≤embedded_ngx_7.0.39_ga

VendorProductVersionCPE
sofawaresafe_at_office_500_utm*cpe:2.3:h:sofaware:safe_at_office_500_utm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sofaware	safe_at_office_500_utm	*	cpe:2.3:h:sofaware:safe_at_office_500_utm::::::::

References

labs.calyptix.com/CX-2007-04.php

labs.calyptix.com/CX-2007-04.txt

osvdb.org/37644

www.securityfocus.com/archive/1/472290/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35094

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

Related for NVD:CVE-2007-3464

prion1 cvelist1 cve1