Vulnerabilities > CVE-2007-3462 - Cross-Site Request Forgery vulnerability in Sofaware Safe AT Office 500 UTM Embeddedngx7.0.39Ga

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

sofaware

NVD

Published: 2007-06-27

Updated: 2018-10-16

Summary

Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.

Vulnerable Configurations

Part	Description	Count
Hardware	Sofaware Sofaware Safe AT Office 500 UTM Embedded_Ngx_7.0.39_Ga	1

References

http://labs.calyptix.com/CX-2007-04.php
http://labs.calyptix.com/CX-2007-04.txt
http://osvdb.org/37644
http://secunia.com/advisories/25822
http://www.securityfocus.com/archive/1/472290/100/0/threaded
http://www.securitytracker.com/id?1018317
http://www.sofaware.com/supportDownloads.aspx?boneId=182
http://www.vupen.com/english/advisories/2007/2364
https://exchange.xforce.ibmcloud.com/vulnerabilities/35093
https://exchange.xforce.ibmcloud.com/vulnerabilities/35094