Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1937

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1937
Last Modified 05 Sep 2008 04:31:54
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1937

Summary

Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.

Vulnerable Systems


References

XF - firewallvpn-arp-mitm(10442)

BUGTRAQ - 20021022 Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R

BUGTRAQ - 20021022 Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R


Last Updated: 27 May 2016 10:37:32