VAR-200212-0207

Vulnerability from variot - Updated: 2025-04-03 22:36

AtGuard 3.2 allows remote attackers to bypass firewall filters and execute prohibited programs by changing the filenames to permitted filenames. An issue has been reported in ATGuard Personal Firewall. Reportedly, it is possible for a user to bypass the security restrictions of ATGuard. This is achieved by renaming the restricted web application to the name of an authorized application. For example, suppose icq.exe is a restricted service and iexplore.exe is an authorized application: if icq.exe is renamed to iexplore.exe, ATGuard will permit the use of the application. It should be noted that ATGuard Firewall was acquired by Symantec; support for this product may no longer be available. A vulnerability in ATGuard Personal Firewall's outbound connection control handling could allow an attacker to bypass ATGuard's security restrictions. ATGuard Personal Firewall only checks the file name of the application when restricting outgoing connections. The rule is therefore tied to a name that can be changed, not to the identity of the program itself. An attacker can rename a Trojan horse to a permitted file name so that a program that would otherwise be blocked from connecting to the outside world can communicate normally.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0207",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "atguard",
        "version": "3.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "4620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BlueScreen\u203b BlueScreen@IT-Checkpoint.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-2063",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2002-2063",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-6446",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-2063",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200212-400",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-6446",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames. An issue has been reported in ATGuard Personal Firewall. Reportedly, it is possible for a user to bypass the security restrictions of ATGuard. \nThis is achieved by renaming the restricted web application with an authorized application name. \nFor example, if icq.exe is a restricted service and, iexplore.exe is an authorized application. By renaming icq.exe to iexplore.exe, ATGuard will permit the use of the application. \nIt should be noted that ATGuard Firewall was acquired by Symantec, support for this product may no longer be available. A vulnerability in ATGuard Personal Firewall\u0027s outbound connection control handling could allow an attacker to bypass ATGuard\u0027s security restrictions. ATGuard Personal Firewall only checks the user name of the application for the restriction of outgoing connections. An attacker can change the name of the Trojan horse so that programs that cannot connect to the outside world can communicate normally",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      },
      {
        "db": "BID",
        "id": "4620"
      },
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "4620",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20020429 ITCP ADVISORY 13: BYPASSING OF ATGUARD FIREWALL POSSIBLE",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "2702",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "8962",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-6446",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "db": "BID",
        "id": "4620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "id": "VAR-200212-0207",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:36:22.917000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/4620"
      },
      {
        "trust": 1.7,
        "url": "http://www.derkeiler.com/mailing-lists/securityfocus/bugtraq/2002-04/0412.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/8962.php"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/2702"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "db": "BID",
        "id": "4620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "date": "2002-04-29T00:00:00",
        "db": "BID",
        "id": "4620"
      },
      {
        "date": "2002-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "date": "2002-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-6446"
      },
      {
        "date": "2002-04-29T00:00:00",
        "db": "BID",
        "id": "4620"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-2063"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ATGuard Personal Firewall Outbound connection restrictions can bypass the vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "4620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-400"
      }
    ],
    "trust": 0.9
  }
}

