CVE-2002-1979
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
31/12/2002
Last modified:
03/04/2009
Description
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:watchguard:legacy_rssa:*:*:*:*:*:*:*:* | 3.2_sp1 (including) | |
cpe:2.3:h:watchguard:soho:*:*:*:*:*:*:*:* | 5.1.6 (including) | |
cpe:2.3:h:watchguard:vclass:*:*:*:*:*:*:*:* | 3.2_sp1 (including) |
To consult the complete list of CPE names with products and versions, see this page