| Vulnerability Name: | CVE-2007-0188 (CCN-31441) | ||||||||
| Assigned: | 2007-01-05 | ||||||||
| Published: | 2007-01-05 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Fri Jan 05 2007 - 18:09:26 CST NNL-Labs & MNIN - F5 FirePass Security Advisory Source: MITRE Type: CNA CVE-2007-0188 Source: FULLDISC Type: UNKNOWN 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory Source: CCN Type: SA23640 FirePass URL Restriction Bypass Vulnerabilities Source: SECUNIA Type: UNKNOWN 23640 Source: CCN Type: F5 Networks FirePass Web site FirePass - SSL VPN solution from F5 Networks Source: MISC Type: UNKNOWN http://www.mnin.org/advisories/2007_firepass.pdf Source: OSVDB Type: UNKNOWN 32734 Source: CCN Type: OSVDB ID: 32734 F5 FirePass Dotless IP Address URL Restriction Bypass Source: BID Type: UNKNOWN 21957 Source: CCN Type: BID-21957 F5 Firepass Multiple Input Validation Vulnerabilities Source: XF Type: UNKNOWN firepass-dword-security-bypass(31441) Source: CONFIRM Type: UNKNOWN https://tech.f5.com/home/solutions/sol6922.html | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||