CVE-2007-4043

CRITICAL

Secure Computing SecurityReporter <4.6.3 - Auth Bypass

Title source: llm
STIX 2.1

Description

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=118522960430476&w=2

Scores

CVSS v3 9.8
EPSS 0.0156
EPSS Percentile 72.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-287
Status published
Products (1)
securecomputing/securityreporter < 4.6.3
Published Jul 27, 2007
Tracked Since Feb 18, 2026