VAR-200307-0036
Vulnerability from variot - Updated: 2025-04-03 22:39Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. It has been reported that Privatefirewall does not properly handle TCP traffic with certain flag settings. This may allow an attacker to circumvent firewall filtering. Privatefirewall is a set of firewall software that integrates personal firewall and intrusion detection system. Privatefirewall does not properly handle the communication of some specially marked packets. Remote attackers can exploit this vulnerability to bypass filtering restrictions and access protected resources. The filtering rules of Privatefirewall cannot detect FIN and /Xmas scans, and attackers can use scanning tools such as NMAP to scan protected resources and obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200307-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "privatefirewall",
"scope": "eq",
"trust": 1.9,
"vendor": "privacyware",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "7700"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UkR-XblP\u203b cuctema@ok.ru",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0393",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0393",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7221",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0393",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200307-006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-7221",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7221"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privacyware Privatefirewall 3.0 does not block certain incoming packets when in \"Filter Internet Traffic\" or Deny Internet Traffic\" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. It has been reported that Privatefirewall does not properly handle TCP traffic with certain flag settings. This may allow an attacker to circumvent firewall filtering. Privatefirewall is a set of firewall software that integrates personal firewall and intrusion detection system. Privatefirewall does not properly handle the communication of some specially marked packets. Remote attackers can exploit this vulnerability to bypass filtering restrictions and access protected resources. The filtering rules of Privatefirewall cannot detect FIN and /Xmas scans, and attackers can use scanning tools such as NMAP to scan protected resources and obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0393"
},
{
"db": "BID",
"id": "7700"
},
{
"db": "VULHUB",
"id": "VHN-7221"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7700",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-0393",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030524 SOME PROBLEMS IN PRIVATEFIREWALL 3.0",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7221",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7221"
},
{
"db": "BID",
"id": "7700"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"id": "VAR-200307-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7221"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:39:07.791000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7700"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105380229532320\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105380229532320\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.privacyware.com/index_pf.html"
},
{
"trust": 0.3,
"url": "/archive/1/322530"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105380229532320\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7221"
},
{
"db": "BID",
"id": "7700"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-7221"
},
{
"db": "BID",
"id": "7700"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-7221"
},
{
"date": "2003-05-24T00:00:00",
"db": "BID",
"id": "7700"
},
{
"date": "2003-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"date": "2003-07-02T04:00:00",
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-7221"
},
{
"date": "2009-07-11T22:06:00",
"db": "BID",
"id": "7700"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200307-006"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privatefirewall FIN/XMas Scanning communication processing vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7700"
},
{
"db": "CNNVD",
"id": "CNNVD-200307-006"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…