Details of VAR-201609-0678

ID

VAR-201609-0678

TITLE

Unknown security bypass vulnerability exists for multiple Fireeye NX products

Trust: 0.6

sources: CNVD: CNVD-2016-07271

DESCRIPTION

FireEye NX 4300 and others are the threat protection platforms of American FireEye company to defend against web network attacks. There are security bypasses in FireEye NX 1300, NX 2300, and NX 4300. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations. Multiple Fireeye NX products are prone to an unspecified security-bypass vulnerability. This may aid in further attacks

Trust: 1.35

sources: CNVD: CNVD-2016-07271 // CNNVD: CNNVD-201609-050 // BID: 92749

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-07271

AFFECTED PRODUCTS

vendor:	fireeye	model:	nx	scope:	eq	version:	13000	Trust: 0.9
vendor:	fireeye	model:	nx	scope:	eq	version:	23000	Trust: 0.9
vendor:	fireeye	model:	nx	scope:	eq	version:	43000	Trust: 0.9

sources: CNVD: CNVD-2016-07271 // BID: 92749

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-07271
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-07271
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-07271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-050

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-050

PATCH

title:

Patches for unidentified security bypass vulnerabilities in multiple FireeyeNX products

url:

https://www.cnvd.org.cn/patchinfo/show/81168

Trust: 0.6

sources: CNVD: CNVD-2016-07271

EXTERNAL IDS

db:	BID	id:	92749	Trust: 1.5
db:	CNVD	id:	CNVD-2016-07271	Trust: 0.6
db:	CNNVD	id:	CNNVD-201609-050	Trust: 0.6

sources: CNVD: CNVD-2016-07271 // BID: 92749 // CNNVD: CNNVD-201609-050

REFERENCES

url:	http://www.securityfocus.com/bid/92749	Trust: 1.2
url:	https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/fireeye-riotgames-vulnerability.pdf	Trust: 0.9
url:	http://www.fireeye.com/	Trust: 0.3

sources: CNVD: CNVD-2016-07271 // BID: 92749 // CNNVD: CNNVD-201609-050

CREDITS

Jason Clark

Trust: 0.9

sources: BID: 92749 // CNNVD: CNNVD-201609-050

SOURCES

db:	CNVD	id:	CNVD-2016-07271
db:	BID	id:	92749
db:	CNNVD	id:	CNNVD-201609-050

LAST UPDATE DATE

2022-05-17T01:55:52.139000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-07271	date:	2016-09-06T00:00:00
db:	BID	id:	92749	date:	2016-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201609-050	date:	2016-09-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-07271	date:	2016-09-06T00:00:00
db:	BID	id:	92749	date:	2016-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201609-050	date:	2016-09-06T00:00:00