Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1979

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1979
Last Modified 03 Apr 2009 12:00:00
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1979

Summary

WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.

Vulnerable Systems


References

CERT-VN - VU#328867

CONFIRM - http://www.kb.cert.org/vuls/id/AAMN-5EQR65


Last Updated: 27 May 2016 10:37:34