Details of VAR-200203-0082

ID

VAR-200203-0082

CVE

CVE-2002-0134

TITLE

Avirt Gateway Suite telnet Agent remote execution arbitrary command vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200203-077

DESCRIPTION

Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. Avirt Gateway Suite is a product combining the functionality of Avirt Gateway and Avirt Mail. It is designed as a single solution for collection of client machines sharing a single internet connection. It is available for the Microsoft Windows operating system. By default, a telnet proxy server accepts connections from a configured, accepted IP address range. Any user may connect and browse the server file system or gain access to a command prompt. By default, the server runs with SYSTEM privileges. The software package contains a telnet proxy program, which listens to port 23 by default

Trust: 1.26

sources: NVD: CVE-2002-0134 // BID: 3901 // VULHUB: VHN-4529

AFFECTED PRODUCTS

vendor:	avirt	model:	gateway suite	scope:	eq	version:	4.2	Trust: 1.9
vendor:	avirt	model:	gateway	scope:	ne	version:	4.2	Trust: 0.3

sources: BID: 3901 // CNNVD: CNNVD-200203-077 // NVD: CVE-2002-0134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0134
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200203-077
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4529
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0134
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4529
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4529 // CNNVD: CNNVD-200203-077 // NVD: CVE-2002-0134

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200203-077

TYPE

Design Error

Trust: 0.9

sources: BID: 3901 // CNNVD: CNNVD-200203-077

EXTERNAL IDS

db:	BID	id:	3901	Trust: 2.0
db:	NVD	id:	CVE-2002-0134	Trust: 2.0
db:	CNNVD	id:	CNNVD-200203-077	Trust: 0.7
db:	XF	id:	7915	Trust: 0.6
db:	BUGTRAQ	id:	20020117 AVIRT GATEWAY SUITE REMOTE SYSTEM LEVEL COMPROMISE	Trust: 0.6
db:	BUGTRAQ	id:	20020220 AVIRT 4.2 QUESTION	Trust: 0.6
db:	VULHUB	id:	VHN-4529	Trust: 0.1

sources: VULHUB: VHN-4529 // BID: 3901 // CNNVD: CNNVD-200203-077 // NVD: CVE-2002-0134

REFERENCES

url:	http://www.securityfocus.com/bid/3901	Trust: 1.7
url:	http://www.iss.net/security_center/static/7915.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=101131669102843&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=101424723728817&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101131669102843&w=2	Trust: 0.6
url:	http://www.avirt.com/index.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=101131669102843&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=101424723728817&w=2	Trust: 0.1

sources: VULHUB: VHN-4529 // BID: 3901 // CNNVD: CNNVD-200203-077 // NVD: CVE-2002-0134

CREDITS

Strumpf Noir Society※ vuln-dev@labs.secureance.com

Trust: 0.6

sources: CNNVD: CNNVD-200203-077

SOURCES

db:	VULHUB	id:	VHN-4529
db:	BID	id:	3901
db:	CNNVD	id:	CNNVD-200203-077
db:	NVD	id:	CVE-2002-0134

LAST UPDATE DATE

2025-04-03T22:30:56.621000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4529	date:	2016-10-18T00:00:00
db:	BID	id:	3901	date:	2009-07-11T09:56:00
db:	CNNVD	id:	CNNVD-200203-077	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0134	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4529	date:	2002-03-25T00:00:00
db:	BID	id:	3901	date:	2002-01-17T00:00:00
db:	CNNVD	id:	CNNVD-200203-077	date:	2002-01-18T00:00:00
db:	NVD	id:	CVE-2002-0134	date:	2002-03-25T05:00:00