Vulnerability Description
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sofaware | Safe At Office 500 Utm | <= embedded_ngx_7.0.39_ga |
References
- http://labs.calyptix.com/CX-2007-04.phpPatch
- http://labs.calyptix.com/CX-2007-04.txt
- http://osvdb.org/37644
- http://www.securityfocus.com/archive/1/472290/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35094
- http://labs.calyptix.com/CX-2007-04.phpPatch
- http://labs.calyptix.com/CX-2007-04.txt
- http://osvdb.org/37644
- http://www.securityfocus.com/archive/1/472290/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35094
FAQ
What is CVE-2007-3464?
CVE-2007-3464 is a vulnerability with a CVSS score of 8.5 (HIGH). Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileg...
How severe is CVE-2007-3464?
CVE-2007-3464 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3464?
Check the references section above for vendor advisories and patch information. Affected products include: Sofaware Safe At Office 500 Utm.