CVE-2002-0438

ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.zyxel.com/public/zywall10/firmware/zywall10_V3.50%28WA.2%29C0_Standard.zip
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0067.html
http://www.iss.net/security_center/static/8436.php	Vendor Advisory
http://www.securityfocus.com/archive/1/261411	Vendor Advisory
http://www.securityfocus.com/bid/4272	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:zyxel:zywall10:3.20_wa0:::::::*
	cpe:2.3:h:zyxel:zywall10:3.20_wa1:::::::*
	cpe:2.3:h:zyxel:zywall10:3.24_wa0:::::::*
	cpe:2.3:h:zyxel:zywall10:3.24_wa1:::::::*
	cpe:2.3:h:zyxel:zywall10:3.24_wa2:::::::*
	cpe:2.3:h:zyxel:zywall10:3.50_wa1:::::::*

History

No history.

Information

Published : 2002-07-26 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0438

Mitre link : CVE-2002-0438

CVE.ORG link : CVE-2002-0438

JSON object : View

Products Affected

zyxel

zywall10

CWE

NVD-CWE-Other

{"id": "CVE-2002-0438", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-07-26T04:00:00.000", "references": [{"url": "ftp://ftp.zyxel.com/public/zywall10/firmware/zywall10_V3.50%28WA.2%29C0_Standard.zip", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0067.html", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8436.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/261411", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4272", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface."}], "lastModified": "2023-11-07T01:55:50.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall10:3.20_wa0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CBA592E-E73E-45A5-914A-74DA508D39AF"}, {"criteria": "cpe:2.3:h:zyxel:zywall10:3.20_wa1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B8D73C-32EB-406E-824A-E0ED0F404626"}, {"criteria": "cpe:2.3:h:zyxel:zywall10:3.24_wa0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BBC4ED4-20BC-4C33-BD0C-54DA9BA952FE"}, {"criteria": "cpe:2.3:h:zyxel:zywall10:3.24_wa1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291E76EE-EA74-4CBD-92B0-F3EAA8275303"}, {"criteria": "cpe:2.3:h:zyxel:zywall10:3.24_wa2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93030A93-D89C-4446-B415-3DF810640ED2"}, {"criteria": "cpe:2.3:h:zyxel:zywall10:3.50_wa1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B89821-8942-4C94-8CB5-2C1B67349939"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}