Vulnerabilities > CVE-2007-3462 - Cross-Site Request Forgery vulnerability in Sofaware Safe AT Office 500 UTM Embeddedngx7.0.39Ga
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
sofaware
Summary
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
References
- http://labs.calyptix.com/CX-2007-04.php
- http://labs.calyptix.com/CX-2007-04.txt
- http://osvdb.org/37644
- http://secunia.com/advisories/25822
- http://www.securityfocus.com/archive/1/472290/100/0/threaded
- http://www.securitytracker.com/id?1018317
- http://www.sofaware.com/supportDownloads.aspx?boneId=182
- http://www.vupen.com/english/advisories/2007/2364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35094