CVE-2007-6098 - Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and

CVE-2007-6098

Summary

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.

References

Vulnerable Configurations

cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-11-2008 - 07:03)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	26486
confirm	http://www.ingate.com/relnote-460.php

Last major update

15-11-2008 - 07:03

Published

22-11-2007 - 00:46

Last modified

15-11-2008 - 07:03