Details of VAR-200701-0013

ID

VAR-200701-0013

CVE

CVE-2007-0228

TITLE

EIQ Networks Network Security Analyzer Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001379

DESCRIPTION

The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. (1) TCP port 10618 To &CONNECTSERVER& String (2) TCP port 10618 To &ADDENTRY& String (3) TCP port 10618 To &FIN& String (4) TCP port 10618 To &START& String (5) TCP port 10618 To &LOGPATH& String (6) TCP port 10618 To &FWADELTA& String (7) TCP port 10618 To &FWALOG& String (8) TCP port 10618 To &SETSYNCHRONOUS& String (9) TCP port 10618 To &SETPRGFILE& String (10) TCP port 10618 To &SETREPLYPORT& String. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/21994.py Patching plan: The vendor has not released an upgrade patch for the time being, please pay attention to the vendor address in time: http://www.eiqnetworks.com/products/ NetworkSecurityAnalyzer.shtml. A malicious server could cause a vulnerable client application to crash, effectively denying service

Trust: 2.43

sources: NVD: CVE-2007-0228 // JVNDB: JVNDB-2007-001379 // CNVD: CNVD-2007-0176 // BID: 21994

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2007-0176

AFFECTED PRODUCTS

vendor:	eiqnetworks	model:	enterprise security analyzer	scope:	eq	version:	2.5	Trust: 1.9
vendor:	eiqnetworks	model:	enterprise security analyzer	scope:	eq	version:	2.1	Trust: 1.9
vendor:	eiqnetworks	model:	enterprise security analyzer	scope:	eq	version:	2.0	Trust: 1.9
vendor:	eiqnetworks	model:	enterprise security analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2007-0176 // BID: 21994 // JVNDB: JVNDB-2007-001379 // CNNVD: CNNVD-200701-170 // NVD: CVE-2007-0228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0228
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-0228
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200701-170
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2007-0228
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2007-001379 // CNNVD: CNNVD-200701-170 // NVD: CVE-2007-0228

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-170

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200701-170

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001379

PATCH

title:

Top Page

url:

http://www.eiqnetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001379

EXTERNAL IDS

db:	BID	id:	21994	Trust: 2.5
db:	NVD	id:	CVE-2007-0228	Trust: 2.4
db:	SECUNIA	id:	23693	Trust: 2.2
db:	OSVDB	id:	32725	Trust: 1.6
db:	VUPEN	id:	ADV-2007-0147	Trust: 1.6
db:	XF	id:	31428	Trust: 1.2
db:	JVNDB	id:	JVNDB-2007-001379	Trust: 0.8
db:	CNCVE	id:	CNCVE-20070228	Trust: 0.6
db:	CNVD	id:	CNVD-2007-0176	Trust: 0.6
db:	FULLDISC	id:	20070110 EIQ NETWORKS NETWORK SECURITY ANALYZER DOS VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200701-170	Trust: 0.6

sources: CNVD: CNVD-2007-0176 // BID: 21994 // JVNDB: JVNDB-2007-001379 // CNNVD: CNNVD-200701-170 // NVD: CVE-2007-0228

REFERENCES

url:	http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html	Trust: 2.2
url:	http://secunia.com/advisories/23693	Trust: 2.2
url:	http://www.securityfocus.com/bid/21994	Trust: 2.2
url:	http://osvdb.org/32725	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2007/0147	Trust: 1.2
url:	http://xforce.iss.net/xforce/xfdb/31428	Trust: 1.2
url:	http://www.vupen.com/english/advisories/2007/0147	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31428	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0228	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0228	Trust: 0.8
url:	http://www.eiqnetworks.com/products/networksecurityanalyzer.shtml	Trust: 0.3
url:	msg://bugtraq/20070110221244.e29e9b0fef@ws4-4.us4.outblaze.com	Trust: 0.3

sources: CNVD: CNVD-2007-0176 // BID: 21994 // JVNDB: JVNDB-2007-001379 // CNNVD: CNNVD-200701-170 // NVD: CVE-2007-0228

CREDITS

Ethan Hunt is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 21994 // CNNVD: CNNVD-200701-170

SOURCES

db:	CNVD	id:	CNVD-2007-0176
db:	BID	id:	21994
db:	JVNDB	id:	JVNDB-2007-001379
db:	CNNVD	id:	CNNVD-200701-170
db:	NVD	id:	CVE-2007-0228

LAST UPDATE DATE

2025-04-10T23:18:16.664000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2007-0176	date:	2007-01-10T00:00:00
db:	BID	id:	21994	date:	2007-01-11T00:40:00
db:	JVNDB	id:	JVNDB-2007-001379	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-170	date:	2007-01-15T00:00:00
db:	NVD	id:	CVE-2007-0228	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2007-0176	date:	2007-01-10T00:00:00
db:	BID	id:	21994	date:	2007-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2007-001379	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-170	date:	2007-01-12T00:00:00
db:	NVD	id:	CVE-2007-0228	date:	2007-01-13T02:28:00