Vulnerability CVE-2007-3701 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3701 (CCN-35336)

Assigned:

2007-07-11

Published:

2007-07-11

Updated:

2018-10-15

Summary:

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jul 10 2007 - 16:37:03 CDT
TippingPoint IPS Signature Evasion

Source: MITRE
Type: CNA
CVE-2007-3701

Source: FULLDISC
Type: UNKNOWN
20070710 TippingPoint IPS Signature Evasion

Source: OSVDB
Type: UNKNOWN
35970

Source: CCN
Type: SA26013
3Com TippingPoint IPS Extended Unicode Detection Bypass

Source: SECUNIA
Type: UNKNOWN
26013

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf

Source: CCN
Type: SECTRACK ID: 1018361
TippingPoint Intrusion Prevention System Alternate Unicode Character Encodings Lets Remote Users Evade Detection

Source: CCN
Type: 3COM-07-003
TippingPoint IPS Extended Unicode Evasion

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.3com.com/securityalert/alerts/3COM-07-003.html

Source: CCN
Type: OSVDB ID: 35970
3Com TippingPoint IPS Hex Encoded Extended Unicode Detection Bypass

Source: BUGTRAQ
Type: UNKNOWN
20070710 TippingPoint IPS Signature Evasion

Source: BID
Type: Exploit
24855

Source: CCN
Type: BID-24855
TippingPoint IPS Unicode Character Detection Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018361

Source: VUPEN
Type: UNKNOWN
ADV-2007-2490

Source: XF
Type: UNKNOWN
tippingpoint-hex-security-byass(35336)

Source: XF
Type: UNKNOWN
tippingpoint-hex-security-byass(35336)

Vulnerable Configuration:

Configuration 1:

cpe:/a:tippingpoint:tipping_point:50:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:200:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:200e:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:400:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:600e:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:1200:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:1200e:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:2400e:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:5000e:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:sms:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:x505:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:x506:*:*:*:*:*:*:*

OR cpe:/a:tippingpoint:tipping_point:zpha:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*

OR cpe:/h:3com:3crtpx505-73:-:*:*:*:*:*:*:*

OR cpe:/h:3com:3crx506-96:-:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*

OR cpe:/o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_200:*:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_200e:*:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_2400e:*:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_50:*:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_5000e:*:*:*:*:*:*:*:*

OR cpe:/h:3com:tippingpoint_600e:*:*:*:*:*:*:*:*

OR cpe:/a:3com:tippingpoint_sms_client:3.1.1.7943:*:*:*:*:*:*:*

Denotes that component is vulnerable