Sign-up

ID

VAR-201508-0392


CVE

CVE-2015-3966


TITLE

Innominate mGuard Device firmware IPsec SA Service disruption in the establishment process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004502

DESCRIPTION

The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. Innominate mGuard is prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition, denying service to legitimate users. Innominate mGuard 8.0.0 through 8.1.6 are vulnerable. Innominate mGuard is an mGuard series product suite of German Innominate Company that includes network security devices such as firewalls and VPNs

Trust: 1.98

sources: NVD: CVE-2015-3966 // JVNDB: JVNDB-2015-004502 // BID: 74543 // VULHUB: VHN-81927

AFFECTED PRODUCTS

vendor:innominatemodel:mguardscope:eqversion:8.1.4

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.0.2

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.1.3

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.0.1

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.1.6

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.1.1

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.1.5

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.0.3

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.0.0

Trust: 1.6

vendor:innominatemodel:mguardscope:eqversion:8.1.2

Trust: 1.6

vendor:innominate securitymodel:mguardscope:ltversion:8.x

Trust: 0.8

vendor:innominate securitymodel:mguardscope:eqversion:8.1.7

Trust: 0.8

sources: JVNDB: JVNDB-2015-004502 // CNNVD: CNNVD-201508-568 // NVD: CVE-2015-3966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3966
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3966
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-568
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3966
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81927
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81927 // JVNDB: JVNDB-2015-004502 // CNNVD: CNNVD-201508-568 // NVD: CVE-2015-3966

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-81927 // JVNDB: JVNDB-2015-004502 // NVD: CVE-2015-3966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-568

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-568

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004502

PATCH
title:2015/07/14-001url:http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004502

EXTERNAL IDS
db:ICS CERTid:ICSA-15-239-03
Trust: 2.8
db:NVDid:CVE-2015-3966
Trust: 2.8
db:JVNDBid:JVNDB-2015-004502
Trust: 0.8
db:CNNVDid:CNNVD-201508-568
Trust: 0.7
db:BIDid:74543
Trust: 0.4
db:VULHUBid:VHN-81927
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81927 // 
            
            
            
            BID: 74543 // 
            
            
            
            JVNDB: JVNDB-2015-004502 // 
            
            
            
            CNNVD: CNNVD-201508-568 // 
            
            
            
            NVD: CVE-2015-3966

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-239-03
Trust: 2.8
url:http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3966
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3966
Trust: 0.8
url:http://www.innominate.com/en/products/archive
Trust: 0.3
sources:
            
            
            VULHUB: VHN-81927 // 
            
            
            
            BID: 74543 // 
            
            
            
            JVNDB: JVNDB-2015-004502 // 
            
            
            
            CNNVD: CNNVD-201508-568 // 
            
            
            
            NVD: CVE-2015-3966

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 74543

SOURCES
db:VULHUBid:VHN-81927
db:BIDid:74543
db:JVNDBid:JVNDB-2015-004502
db:CNNVDid:CNNVD-201508-568
db:NVDid:CVE-2015-3966

LAST UPDATE DATE
2025-04-13T23:37:31.514000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81927date:2015-08-31T00:00:00
db:BIDid:74543date:2015-08-27T00:00:00
db:JVNDBid:JVNDB-2015-004502date:2015-09-01T00:00:00
db:CNNVDid:CNNVD-201508-568date:2015-09-10T00:00:00
db:NVDid:CVE-2015-3966date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81927date:2015-08-30T00:00:00
db:BIDid:74543date:2015-08-27T00:00:00
db:JVNDBid:JVNDB-2015-004502date:2015-09-01T00:00:00
db:CNNVDid:CNNVD-201508-568date:2015-08-31T00:00:00
db:NVDid:CVE-2015-3966date:2015-08-30T14:59:00.110