Details of VAR-200708-0020

ID

VAR-200708-0020

CVE

CVE-2007-4318

TITLE

Zyxel Zywall 2 Run on device ZyNOS Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-005959

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. Zywall 2 is prone to a cross-site scripting vulnerability. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: ZyXEL ZyWALL / ZyNOS Cross-Site Request Forgery SECUNIA ADVISORY ID: SA26381 VERIFY ADVISORY: http://secunia.com/advisories/26381/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: ZyXEL ZyWALL Series http://secunia.com/product/147/ ZyXEL ZyNOS 3.x http://secunia.com/product/149/ DESCRIPTION: Henri Lindberg has reported a vulnerability in ZyXEL ZyWALL / ZyNOS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to perform certain actions when a logged in administrator is tricked into visiting a malicious website. NOTE: Reportedly, this can further be exploited to conduct script insertion attacks. The vulnerabilities are reported in Zyxell ZyWALL 2 and in ZyNOS firmware version V3.62(WK.6). Other versions may also be affected. SOLUTION: Do not browser untrusted sites while being logged in to the administrative section of the device. PROVIDED AND/OR DISCOVERED BY: Henri Lindberg of Louhi Networks. ORIGINAL ADVISORY: http://www.louhi.fi/advisory/zyxel_070810.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2007-4318 // JVNDB: JVNDB-2007-005959 // BID: 81603 // PACKETSTORM: 58606

AFFECTED PRODUCTS

vendor:	zyxel	model:	zynos	scope:	eq	version:	3.62	Trust: 1.9
vendor:	zyxel	model:	zywall 2	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	zywall 2	scope:	eq	version:	*	Trust: 1.0
vendor:	zyxel	model:	zynos	scope:	eq	version:	3.62(wk.6)	Trust: 0.8
vendor:	zyxel	model:	zywall	scope:	eq	version:	20	Trust: 0.3

sources: BID: 81603 // JVNDB: JVNDB-2007-005959 // NVD: CVE-2007-4318 // CNNVD: CNNVD-200708-182

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-4318
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200708-182
value:	MEDIUM
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-4318
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-2007-005959 // NVD: CVE-2007-4318 // CNNVD: CNNVD-200708-182

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-182

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200708-182

CONFIGURATIONS

sources: NVD: CVE-2007-4318

PATCH

title:

Top Page

url:

http://www.zyxel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-005959

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4318	Trust: 2.7
db:	BID	id:	25262	Trust: 1.9
db:	SREASON	id:	3002	Trust: 1.9
db:	SECUNIA	id:	26381	Trust: 1.7
db:	OSVDB	id:	38721	Trust: 1.6
db:	XF	id:	35913	Trust: 0.9
db:	JVNDB	id:	JVNDB-2007-005959	Trust: 0.8
db:	BUGTRAQ	id:	20070810 ZYXEL ZYWALL 2 MULTIPLE VULNERABILITIES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-182	Trust: 0.6
db:	BID	id:	81603	Trust: 0.3
db:	PACKETSTORM	id:	58606	Trust: 0.1

sources: BID: 81603 // JVNDB: JVNDB-2007-005959 // PACKETSTORM: 58606 // NVD: CVE-2007-4318 // CNNVD: CNNVD-200708-182

REFERENCES

url:	http://www.louhi.fi/advisory/zyxel_070810.txt	Trust: 2.0
url:	http://securityreason.com/securityalert/3002	Trust: 1.9
url:	http://www.securityfocus.com/bid/25262	Trust: 1.9
url:	http://osvdb.org/38721	Trust: 1.6
url:	http://secunia.com/advisories/26381	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/476031/100/0/threaded	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35913	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/35913	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/476031/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4318	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4318	Trust: 0.8
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/149/	Trust: 0.1
url:	http://secunia.com/product/147/	Trust: 0.1
url:	http://secunia.com/advisories/26381/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 81603 // JVNDB: JVNDB-2007-005959 // PACKETSTORM: 58606 // NVD: CVE-2007-4318 // CNNVD: CNNVD-200708-182

CREDITS

Henri Lindberg discovered these issues.

Trust: 0.6

sources: CNNVD: CNNVD-200708-182

SOURCES

db:	BID	id:	81603
db:	JVNDB	id:	JVNDB-2007-005959
db:	PACKETSTORM	id:	58606
db:	NVD	id:	CVE-2007-4318
db:	CNNVD	id:	CNNVD-200708-182

LAST UPDATE DATE

2023-12-18T12:32:15.284000+00:00

SOURCES UPDATE DATE

db:	BID	id:	81603	date:	2007-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2007-005959	date:	2012-12-20T00:00:00
db:	NVD	id:	CVE-2007-4318	date:	2018-10-15T21:34:28.260
db:	CNNVD	id:	CNNVD-200708-182	date:	2007-08-14T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	81603	date:	2007-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2007-005959	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	58606	date:	2007-08-15T19:37:35
db:	NVD	id:	CVE-2007-4318	date:	2007-08-13T21:17:00
db:	CNNVD	id:	CNNVD-200708-182	date:	2007-08-13T00:00:00