Check Point Syslog Daemon Escape Sequence Handler Eingabeungültigkeit
|CVSSv3 Temp Score||Current Exploit Price (≈)|
A vulnerability, which was classified as critical, was found in Check Point Syslog Daemon (the affected version is unknown). This affects an unknown function of the component Escape Sequence Handler. The manipulation with an unknown input leads to a eingabeungültigkeit vulnerability. This is going to have an impact on confidentiality, and integrity.
The weakness was released 03/21/2003 by Peter Bieringer with AreaSec. The advisory is shared for download at aerasec.de. This vulnerability is uniquely identified as CVE-1999-1115. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available.
The exploit is shared for download at securityfocus.com. We expect the 0-day to have been worth approximately $10k-$25k.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at securityfocus.com.
CVSSv3Base Score: 6.5 [?]
Temp Score: 6.5 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:U/RC:X [?]
CVSSv2Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N) [?]
Temp Score: 5.8 (CVSS2#E:ND/RL:U/RC:ND) [?]
Current Price Estimation: $10k-$25k (0-day) / $2k-$5k (Today)
Status: Not available
Timeline12/31/1990 NVD disclosed
03/21/2003 +4463 days Advisory disclosed
03/21/2003 +0 days VulDB entry created
03/21/2003 +0 days SecurityFocus entry assigned
07/02/2015 +4486 days VulDB entry updated
Researcher: Peter Bieringer
CVE: CVE-1999-1115 (mitre.org) (nvd.nist.org) (cvedetails.com)
SecurityFocus: 7161 - Check Point FW-1 Syslog Daemon Unfiltered Escape Sequence Vulnerability
See also: 13626
Entry: 81.3% complete