CVE-2007-4422

3 documents3 sources

Severity

9.3CRITICAL

EPSS

2.5%

top 14.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Enterprise Firewall

Timeline

PublishedAug 18

Latest updateMay 1

Description

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/enterprise_firewall6

🔴Vulnerability Details

GHSA

GHSA-62wr-2p42-ccr4: The login interface in Symantec Enterprise Firewall 6↗2022-05-01

▶

CVEList

CVE-2007-4422: The login interface in Symantec Enterprise Firewall 6↗2007-08-18

▶