SSH Connection Flaw in WatchGuard Firebox Products

CVE-2002-1520

Summary

The CLI interface for WatchGuard Firebox Vclass versions up to 3.2 and RSSA Appliance 3.0.2 contains a significant flaw where the SSH connection is not adequately terminated when the -N option is employed during authentication. This oversight allows remote attackers to gain unauthorized access to the CLI, potentially enabling them to exploit administrator-level privileges. Organizations using these products are advised to review their security configurations and apply any available updates to mitigate this risk.

References