Details of VAR-200212-0207

ID

VAR-200212-0207

CVE

CVE-2002-2063

TITLE

ATGuard Personal Firewall Outbound connection restrictions can bypass the vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-400

DESCRIPTION

AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames. An issue has been reported in ATGuard Personal Firewall. Reportedly, it is possible for a user to bypass the security restrictions of ATGuard. This is achieved by renaming the restricted web application with an authorized application name. For example, if icq.exe is a restricted service and, iexplore.exe is an authorized application. By renaming icq.exe to iexplore.exe, ATGuard will permit the use of the application. It should be noted that ATGuard Firewall was acquired by Symantec, support for this product may no longer be available. A vulnerability in ATGuard Personal Firewall's outbound connection control handling could allow an attacker to bypass ATGuard's security restrictions. ATGuard Personal Firewall only checks the user name of the application for the restriction of outgoing connections. An attacker can change the name of the Trojan horse so that programs that cannot connect to the outside world can communicate normally

Trust: 1.26

sources: NVD: CVE-2002-2063 // BID: 4620 // VULHUB: VHN-6446

AFFECTED PRODUCTS

vendor:

atguard

model:

personal firewall

scope:

version:

3.2

Trust: 1.9

sources: BID: 4620 // CNNVD: CNNVD-200212-400 // NVD: CVE-2002-2063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2063
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-400
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6446
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2063
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6446
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6446 // CNNVD: CNNVD-200212-400 // NVD: CVE-2002-2063

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2063

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-400

TYPE

Design Error

Trust: 0.9

sources: BID: 4620 // CNNVD: CNNVD-200212-400

EXTERNAL IDS

db:	BID	id:	4620	Trust: 2.0
db:	NVD	id:	CVE-2002-2063	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-400	Trust: 0.7
db:	BUGTRAQ	id:	20020429 ITCP ADVISORY 13: BYPASSING OF ATGUARD FIREWALL POSSIBLE	Trust: 0.6
db:	NSFOCUS	id:	2702	Trust: 0.6
db:	XF	id:	8962	Trust: 0.6
db:	VULHUB	id:	VHN-6446	Trust: 0.1

sources: VULHUB: VHN-6446 // BID: 4620 // CNNVD: CNNVD-200212-400 // NVD: CVE-2002-2063

REFERENCES

url:	http://www.securityfocus.com/bid/4620	Trust: 1.7
url:	http://www.derkeiler.com/mailing-lists/securityfocus/bugtraq/2002-04/0412.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/8962.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/2702	Trust: 0.6

sources: VULHUB: VHN-6446 // CNNVD: CNNVD-200212-400 // NVD: CVE-2002-2063

CREDITS

BlueScreen※ BlueScreen@IT-Checkpoint.net

Trust: 0.6

sources: CNNVD: CNNVD-200212-400

SOURCES

db:	VULHUB	id:	VHN-6446
db:	BID	id:	4620
db:	CNNVD	id:	CNNVD-200212-400
db:	NVD	id:	CVE-2002-2063

LAST UPDATE DATE

2025-04-03T22:36:22.917000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6446	date:	2008-09-05T00:00:00
db:	BID	id:	4620	date:	2002-04-29T00:00:00
db:	CNNVD	id:	CNNVD-200212-400	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-2063	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6446	date:	2002-12-31T00:00:00
db:	BID	id:	4620	date:	2002-04-29T00:00:00
db:	CNNVD	id:	CNNVD-200212-400	date:	2002-04-29T00:00:00
db:	NVD	id:	CVE-2002-2063	date:	2002-12-31T05:00:00