Details of VAR-200208-0236

ID

VAR-200208-0236

CVE

CVE-2002-0527

TITLE

WatchGuard SOHO deformity TCP Package can cause a denial of service attack vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-113

DESCRIPTION

Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. WatchGuard SOHO Firewall is a firewall appliance intended for use by Home Office/Small Office users. It offers built-in VPN capabilities. WatchGuard SOHO Firewall crashes when handling certain types of malformed TCP packets. All current connections will drop when this occurs. It should be noted that this is only an issue for packets that are forwarded by the firewall appliance. It runs under the Windows operating system platform. The firewall may crash the program due to improper parsing and restart. This vulnerability exists only when the firewall allows the packet forwarding function to be enabled. For example, there are WEB services behind the firewall that may be affected by this vulnerability

Trust: 1.26

sources: NVD: CVE-2002-0527 // BID: 4447 // VULHUB: VHN-4919

AFFECTED PRODUCTS

vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.31	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.29	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	5.0.28	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	ne	version:	5.0.35	Trust: 0.3

sources: BID: 4447 // CNNVD: CNNVD-200208-113 // NVD: CVE-2002-0527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0527
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200208-113
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4919
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-0527
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4919
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4919 // CNNVD: CNNVD-200208-113 // NVD: CVE-2002-0527

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-113

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200208-113

EXTERNAL IDS

db:	BID	id:	4447	Trust: 2.0
db:	NVD	id:	CVE-2002-0527	Trust: 2.0
db:	CNNVD	id:	CNNVD-200208-113	Trust: 0.7
db:	XF	id:	8774	Trust: 0.6
db:	VULNWATCH	id:	20020408 [VULNWATCH] KPMG-2002007: WATCHGUARD SOHO DENIAL OF SERVICE	Trust: 0.6
db:	BUGTRAQ	id:	20020408 KPMG-2002007: WATCHGUARD SOHO DENIAL OF SERVICE	Trust: 0.6
db:	VULHUB	id:	VHN-4919	Trust: 0.1

sources: VULHUB: VHN-4919 // BID: 4447 // CNNVD: CNNVD-200208-113 // NVD: CVE-2002-0527

REFERENCES

url:	http://www.securityfocus.com/bid/4447	Trust: 1.7
url:	http://online.securityfocus.com/archive/1/266380	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0006.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/8774.php	Trust: 1.7
url:	http://www.watchguard.com/	Trust: 0.3

sources: VULHUB: VHN-4919 // BID: 4447 // CNNVD: CNNVD-200208-113 // NVD: CVE-2002-0527

CREDITS

Andreas Sandor※ asandor@kpmg.dk

Trust: 0.6

sources: CNNVD: CNNVD-200208-113

SOURCES

db:	VULHUB	id:	VHN-4919
db:	BID	id:	4447
db:	CNNVD	id:	CNNVD-200208-113
db:	NVD	id:	CVE-2002-0527

LAST UPDATE DATE

2025-04-03T22:11:22.900000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4919	date:	2008-09-05T00:00:00
db:	BID	id:	4447	date:	2009-07-11T11:56:00
db:	CNNVD	id:	CNNVD-200208-113	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0527	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4919	date:	2002-08-12T00:00:00
db:	BID	id:	4447	date:	2002-04-08T00:00:00
db:	CNNVD	id:	CNNVD-200208-113	date:	2002-04-08T00:00:00
db:	NVD	id:	CVE-2002-0527	date:	2002-08-12T04:00:00