Firewall
by Ingate
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2767 | | | 0.00 | — | 0.01 | | Apr 23, 2025 | Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The… |
| CVE-2024-12831 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on… |
| CVE-2024-12832 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to… |
| CVE-2024-12830 | | | 0.00 | — | 0.01 | | Dec 20, 2024 | Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The… |
| CVE-2024-12829 | | | 0.00 | — | 0.01 | | Dec 20, 2024 | Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific… |
| CVE-2023-42552 | | | 0.00 | — | 0.00 | | Nov 7, 2023 | Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows a 3rd party application to tamper with the database of Firewall. |
| CVE-2019-20536 | | | 0.00 | — | 0.00 | | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). |
| CVE-2018-16116 | | | 0.00 | — | 0.02 | | Jun 20, 2019 | SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. |
| CVE-2018-16117 | | | 0.00 | — | 0.44 | | Jun 20, 2019 | A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. |
| CVE-2018-16118 | | | 0.00 | — | 0.04 | | Jun 20, 2019 | A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header. |
| CVE-2008-0263 | | | 0.00 | — | 0.02 | | Jan 15, 2008 | The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. |
| CVE-2007-6097 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted." |
| CVE-2007-6093 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." |
| CVE-2007-6096 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. |
| CVE-2007-6094 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). |
| CVE-2007-6092 | | | 0.00 | — | 0.02 | | Nov 22, 2007 | Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| CVE-2007-6095 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. |
| CVE-2007-6098 | | | 0.00 | — | 0.01 | | Nov 22, 2007 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for… |
| CVE-2007-6099 | | | 0.00 | — | 0.02 | | Nov 22, 2007 | Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities. |
| CVE-2007-3177 | | | 0.00 | — | 0.01 | | Jun 11, 2007 | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. |
Page 1 of 2