PT-2007-7000 · Ingate · Siparator+1

Published

2007-11-22

Updated

2008-11-15

CVE-2007-6098

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ingate Firewall versions prior to 4.6.0 SIParator versions prior to 4.6.0

Description The issue concerns the logging mechanism, which fails to log certain events. Specifically, it does not log truncated ICMP, UDP, and TCP packets, and it also does not log serial-console login attempts with nonexistent usernames. This lack of logging might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.

Recommendations For Ingate Firewall versions prior to 4.6.0, update to version 4.6.0 or later to address the logging issue. For SIParator versions prior to 4.6.0, update to version 4.6.0 or later to address the logging issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-6098

Affected Products

Ingate Firewall

Siparator

PT-2007-7000 · Ingate · Siparator+1

CVE-2007-6098

Related Identifiers

Affected Products

References · 3