History: Aug 18, 2007 - 9:17 p.m.

CVE-2007-4422

2007-08-18 21:17:00
mitre
web.nvd.nist.gov
26
cve-2007-4422
symantec
enterprise firewall
vpn
psk
authentication
remote attackers
username enumeration

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.9
Confidence: Low

EPSS: 0.804
Percentile: 98.4%

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Affected configurations

Nvd
Node: symantec enterprise_firewall Match 6
Vendor: symantec
Product: enterprise_firewall
Version: 6
CPE: cpe:2.3:a:symantec:enterprise_firewall:6:*:*:*:*:*:*:*
