NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS (intrusive check)

medium Nessus Plugin ID 11474

Synopsis

The remote service is subject to a buffer overflow.

Description

It was possible to crash the remote Web server (possibly the NETGEAR ProSafe VPN Web interface) by supplying a long malformed username and password.
An attacker may use this flaw to disable the remote service.

Solution

Reconfigure the device to disable remote management; contact the vendor for a patch.

Plugin Details

Severity: Medium

ID: 11474

File Name: netgear_prosafe_dos.nasl

Version: 1.20

Type: remote

Family: Web Servers

Published: 3/25/2003

Updated: 5/16/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Based on analysis of vendor advisory.

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/25/2003

Reference Information

BID: 7166