Vulnerability Description
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allow remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server. The server generates a response that contains the string, and IPFilter treats that response as if it were a legitimate PASV reply from the server.
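The parsing flaw described above, as an added Python example (not WatchGuard or IPFilter code): `naive_pasv` models a tracker that accepts the PASV reply text anywhere in server data, and `strict_pasv` shows a hardened check on complete reply lines. The function names, the sample replies and the port floor of 1024 are assumptions made for illustration.

```python
import re

TUPLE = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
# Flawed model (assumption): the reply text is matched anywhere in the data.
NAIVE = re.compile(rb"227 [^\r\n]*?" + TUPLE)
# Hardened form: the whole line must be a single-line 227 reply.
STRICT = re.compile(rb"227 [^\r\n(]*\(" + TUPLE + rb"\)[^\r\n]*")


def _endpoint(m):
    """Convert the six decimal fields h1,h2,h3,h4,p1,p2 to (ip, port)."""
    f = [int(x) for x in m.groups()]
    if any(v > 255 for v in f):
        return None
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]


def naive_pasv(data):
    """Any occurrence of the PASV reply text yields a data-channel endpoint."""
    m = NAIVE.search(data)
    return _endpoint(m) if m else None


def strict_pasv(data, server_ip):
    """Accept only a CRLF-delimited line that is itself a 227 reply and that
    names the server already seen on the control connection."""
    for line in data.split(b"\r\n"):
        m = STRICT.fullmatch(line)
        if not m:
            continue  # e.g. an error reply that merely echoes the text
        ep = _endpoint(m)
        # Port floor of 1024 is a policy assumption, not an RFC 959 rule.
        if ep and ep[0] == server_ip and ep[1] >= 1024:
            return ep
    return None


# Constructed server-to-client control data (documentation addresses).
SERVER = "192.0.2.10"
GENUINE = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
ECHOED = b"500 '227 Entering Passive Mode (192,0,2,10,0,22)': command not understood.\r\n"

if __name__ == "__main__":
    for name, data in (("genuine", GENUINE), ("echoed", ECHOED)):
        print(name, "naive:", naive_pasv(data), "strict:", strict_pasv(data, SERVER))
```

The echoed error reply produces a pinhole in the naive model and none in the strict one, because the strict check keys on the reply code at the start of the line rather than on the quoted text.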
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Legacy Rssa | <= 3.2_sp1 |
| Watchguard | Soho | <= 5.1.6 |
| Watchguard | Vclass | <= 3.2_sp1 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/328867 (US Government Resource)
- http://www.kb.cert.org/vuls/id/AAMN-5EQR65 (Patch)
FAQ
What is CVE-2002-1979?
CVE-2002-1979 is a vulnerability with a CVSS score of 7.5 (HIGH). WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allow remote attackers to bypass firewall rules by sending a PASV command string as the argumen...
How severe is CVE-2002-1979?
CVE-2002-1979 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1979?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Legacy Rssa, Watchguard Soho, Watchguard Vclass.