Sign-up

ID

VAR-200912-0285


CVE

CVE-2009-4409


TITLE

SEIL/B1 authentication issue

Trust: 0.8

sources: JVNDB: JVNDB-2009-000079

DESCRIPTION

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. As a result, the third party may gain access to the network. According the developer, when L2TP/IPsec is being used, the authentication challenges are protected by the encryption provided by IPsec, and therefore the probability of being affected by this issue are reduced. SEIL/B1 is prone to an authentication-bypass vulnerability affecting CHAP and MS-CHAP-V2 authentication. Versions prior to SEIL/B1 2.60 are vulnerable. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SEIL Routers PPP Access Concentrator Replay Vulnerability SECUNIA ADVISORY ID: SA37628 VERIFY ADVISORY: http://secunia.com/advisories/37628/ DESCRIPTION: A vulnerability has been reported in the SEIL B1 router, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Update to version 2.60. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SEIL: http://www.seil.jp/seilseries/security/2009/a00697.php JVN: http://jvn.jp/en/jp/JVN49602378/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000079.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2009-4409 // JVNDB: JVNDB-2009-000079 // BID: 37293 // PACKETSTORM: 83650

AFFECTED PRODUCTS

vendor:iijmodel:seil\/b1scope:eqversion:2.42

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:1.00

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.20

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.41

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.52

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.51

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.01

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.10

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.30

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.40

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.50

Trust: 1.0

vendor:internet initiativemodel:seil/b1scope:eqversion:firmware 1.00 through 2.52

Trust: 0.8

vendor:seilmodel:seil/b1scope:eqversion:2.52

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.51

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.50

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.48

Trust: 0.3

vendor:seilmodel:seil/b1scope:neversion:2.60

Trust: 0.3

sources: BID: 37293 // JVNDB: JVNDB-2009-000079 // CNNVD: CNNVD-200912-340 // NVD: CVE-2009-4409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4409
value: LOW

Trust: 1.0

IPA: JVNDB-2009-000079
value: LOW

Trust: 0.8

CNNVD: CNNVD-200912-340
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2009-4409
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2009-000079
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-000079 // CNNVD: CNNVD-200912-340 // NVD: CVE-2009-4409

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2009-000079 // NVD: CVE-2009-4409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200912-340

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200912-340

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-000079

PATCH
title:a00697.phpurl:http://www.seil.jp/seilseries/security/2009/a00697.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-000079

EXTERNAL IDS
db:JVNid:JVN49602378
Trust: 2.8
db:BIDid:37293
Trust: 2.7
db:SECUNIAid:37628
Trust: 2.7
db:JVNDBid:JVNDB-2009-000079
Trust: 2.5
db:OSVDBid:61118
Trust: 2.4
db:NVDid:CVE-2009-4409
Trust: 2.4
db:JVNid:JVN#49602378
Trust: 0.6
db:CNNVDid:CNNVD-200912-340
Trust: 0.6
db:PACKETSTORMid:83650
Trust: 0.1
sources:
            
            
            BID: 37293 // 
            
            
            
            JVNDB: JVNDB-2009-000079 // 
            
            
            
            PACKETSTORM: 83650 // 
            
            
            
            CNNVD: CNNVD-200912-340 // 
            
            
            
            NVD: CVE-2009-4409

REFERENCES
url:http://jvn.jp/en/jp/jvn49602378/index.html
Trust: 2.8
url:http://www.osvdb.org/61118
Trust: 2.4
url:http://secunia.com/advisories/37628
Trust: 2.4
url:http://www.securityfocus.com/bid/37293
Trust: 2.4
url:http://www.seil.jp/seilseries/security/2009/a00697.php
Trust: 2.0
url:http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-000079.html
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4409
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4409
Trust: 0.8
url:http://www.seil.jp/
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-000079.html
Trust: 0.1
url:http://secunia.com/advisories/37628/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            BID: 37293 // 
            
            
            
            JVNDB: JVNDB-2009-000079 // 
            
            
            
            PACKETSTORM: 83650 // 
            
            
            
            CNNVD: CNNVD-200912-340 // 
            
            
            
            NVD: CVE-2009-4409

CREDITS
The vendor
Trust: 0.9
sources:
            
            
            BID: 37293 // 
            
            
            
            CNNVD: CNNVD-200912-340

SOURCES
db:BIDid:37293
db:JVNDBid:JVNDB-2009-000079
db:PACKETSTORMid:83650
db:CNNVDid:CNNVD-200912-340
db:NVDid:CVE-2009-4409

LAST UPDATE DATE
2025-04-10T23:13:54.768000+00:00

SOURCES UPDATE DATE
db:BIDid:37293date:2009-12-14T19:23:00
db:JVNDBid:JVNDB-2009-000079date:2009-12-09T00:00:00
db:CNNVDid:CNNVD-200912-340date:2009-12-24T00:00:00
db:NVDid:CVE-2009-4409date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:BIDid:37293date:2009-12-11T00:00:00
db:JVNDBid:JVNDB-2009-000079date:2009-12-09T00:00:00
db:PACKETSTORMid:83650date:2009-12-10T08:24:04
db:CNNVDid:CNNVD-200912-340date:2009-12-23T00:00:00
db:NVDid:CVE-2009-4409date:2009-12-23T21:30:00.313