Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
Firewall-1 does not properly restrict access to LDAP attributes.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | * |
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| cisco | pix_firewall_software | 4.1(6) |
| cisco | pix_firewall_software | 4.3 |
| cisco | pix_firewall_software | 4.2(1) |
| cisco | pix_firewall_software | 4.2(2) |
| cisco | pix_firewall_software | 5.0 |
| cisco | pix_firewall_software | 4.1(6b) |
| cisco | pix_firewall_software | 4.4(4) |
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | * |
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-667,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_pro | * |
| zonelabs | zonealarm | * |
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0 |
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
| checkpoint | firewall-1 | 4.1_build_41439 |
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 3.0b |
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
| checkpoint | provider-1 | 4.1 |
| checkpoint | vpn-1 | 4.1 |
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nokia | firewall_appliance | ipso_3.3 |
| nokia | firewall_appliance | ipso_3.4 |
| checkpoint | firewall-1 | 4.1 |
| checkpoint | vpn-1 | 4.1 |
| nokia | firewall_appliance | ipso_3.41 |
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1 | 4.1 |
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
| checkpoint | check_point_vpn | 1_4.1 |
| checkpoint | check_point_vpn | 1_4.1_sp2 |
| checkpoint | check_point_vpn | 1_4.1_sp3 |
| checkpoint | check_point_vpn | 1_4.1_sp4 |
| checkpoint | check_point_vpn | 1_4.1_sp1 |
| checkpoint | next_generation | * |
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1_firewall-1 | 4.0 |
| checkpoint | vpn-1_firewall-1 | 4.1 |
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | ng |
| checkpoint | firewall-1 | 4.1 |
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | * |
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
| checkpoint | firewall-1 | next_generation_fp1 |
| checkpoint | vpn-1 | 4.1 |
| checkpoint | firewall-1 | next_generation_fp0 |
| checkpoint | vpn-1 | next_generation_fp0 |
| checkpoint | vpn-1 | next_generation_fp1 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | vsu | 7500_r2.0.1 |
| securecomputing | sidewinder | 5.2.0.03 |
| openssl | openssl | 0.9.6g |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | next_generation_fp0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| cisco | pix_firewall_software | 6.1(1) |
| cisco | pix_firewall_software | 6.0(4.101) |
| sun | crypto_accelerator_4000 | 1.0 |
| stonesoft | stonegate | 1.7.2 |
| vmware | gsx_server | 2.0 |
| cisco | ios | 12.1(13)e9 |
| openssl | openssl | 0.9.7c |
| novell | edirectory | 8.7.1 |
| avaya | intuity_audix | s3400 |
| cisco | webns | 6.10 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| bluecoat | proxysg | * |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| neoteris | instant_virtual_extranet | 3.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| avaya | vsu | 10000_r2.0.1 |
| novell | edirectory | 8.0 |
| avaya | s8300 | r2.0.0 |
| cisco | webns | 7.10 |
| freebsd | freebsd | 4.8 |
| stonesoft | stonegate | 1.6.3 |
| sco | openserver | 5.0.6 |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | ios | 12.2sy |
| cisco | pix_firewall_software | 6.2 |
| cisco | secure_content_accelerator | 10000 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| cisco | pix_firewall_software | 6.2(2) |
| neoteris | instant_virtual_extranet | 3.3 |
| stonesoft | stonegate | 1.7 |
| freebsd | freebsd | 5.2 |
| cisco | css11000_content_services_switch | * |
| freebsd | freebsd | 5.1 |
| novell | edirectory | 8.5.12a |
| stonesoft | stonegate | 2.2 |
| cisco | pix_firewall_software | 6.0 |
| avaya | sg203 | 4.31.29 |
| checkpoint | vpn-1 | next_generation_fp0 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| openssl | openssl | 0.9.6j |
| securecomputing | sidewinder | 5.2.1 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| checkpoint | firewall-1 | * |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| 4d | webstar | 5.3.1 |
| securecomputing | sidewinder | 5.2.0.01 |
| hp | aaa_server | * |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| redhat | openssl | 0.9.6b-3 |
| cisco | application_and_content_networking_software | * |
| dell | bsafe_ssl-j | 3.1 |
| cisco | ios | 12.1(19)e1 |
| hp | wbem | a.02.00.00 |
| cisco | call_manager | * |
| cisco | pix_firewall_software | 6.2(1) |
| novell | edirectory | 8.5 |
| stonesoft | stonegate | 1.6.2 |
| openssl | openssl | 0.9.7a |
| checkpoint | vpn-1 | next_generation_fp1 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | pix_firewall_software | 6.0(3) |
| avaya | vsu | 5000_r2.0.1 |
| stonesoft | stonegate | 2.0.1 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 4.9 |
| cisco | webns | 6.10_b4 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| vmware | gsx_server | 2.5.1 |
| avaya | vsu | 5x |
| cisco | ios | 12.2za |
| stonesoft | stonegate_vpn_client | 1.7 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.7 |
| avaya | vsu | 2000_r2.0.1 |
| stonesoft | stonegate | 2.0.7 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | webns | 7.10_.0.06s |
| checkpoint | vpn-1 | next_generation_fp2 |
| stonesoft | servercluster | 2.5.2 |
| avaya | vsu | 5 |
| cisco | ios | 12.1(11b)e14 |
| hp | apache-based_web_server | 2.0.43.04 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| neoteris | instant_virtual_extranet | 3.0 |
| securecomputing | sidewinder | 5.2.0.04 |
| stonesoft | servercluster | 2.5 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | pix_firewall_software | 6.3(2) |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 2.2.1 |
| redhat | linux | 7.2 |
| avaya | vsu | 500 |
| cisco | webns | 7.2_0.0.03 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.4 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | ios | 12.1(11b)e |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| stonesoft | stonegate | 1.7.1 |
| avaya | intuity_audix | s3210 |
| stonesoft | stonegate | 1.5.18 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| cisco | pix_firewall_software | 6.3 |
| cisco | firewall_services_module | 2.1_(0.208) |
| avaya | sg208 | 4.4 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| openssl | openssl | 0.9.6d |
| novell | edirectory | 8.5.27 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| openbsd | openbsd | 3.3 |
| cisco | pix_firewall_software | 6.2(3.100) |
| redhat | linux | 7.3 |
| cisco | gss_4490_global_site_selector | * |
| neoteris | instant_virtual_extranet | 3.2 |
| tarantella | tarantella_enterprise | 3.40 |
| openbsd | openbsd | 3.4 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 3.0_build_7592 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| avaya | intuity_audix | * |
| hp | hp-ux | 8.05 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | intuity_audix | 5.1.46 |
| cisco | ios | 12.1(11)e |
| checkpoint | provider-1 | 4.1 |
| securecomputing | sidewinder | 5.2.0.02 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | firewall_services_module | 1.1_(3.005) |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| cisco | ios | 12.2(14)sy |
| cisco | ciscoworks_common_services | 2.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| openssl | openssl | 0.9.6f |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 11.11 |
| cisco | gss_4480_global_site_selector | * |
| avaya | s8500 | r2.0.0 |
| avaya | sg200 | 4.4 |
| novell | edirectory | 8.6.2 |
| avaya | sg200 | 4.31.29 |
| cisco | pix_firewall | 6.2.2_.111 |
| cisco | pix_firewall_software | 6.1 |
| cisco | pix_firewall_software | 6.3(3.102) |
| stonesoft | stonegate | 2.1 |
| avaya | sg5 | 4.2 |
| stonesoft | stonegate | 2.0.6 |
| cisco | pix_firewall_software | 6.1(4) |
| redhat | openssl | 0.9.6-15 |
| 4d | webstar | 5.2 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | vsu | 100_r2.0.1 |
| 4d | webstar | 5.2.4 |
| checkpoint | firewall-1 | next_generation_fp2 |
| avaya | sg203 | 4.4 |
| avaya | converged_communications_server | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| openssl | openssl | 0.9.6h |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| stonesoft | stonegate | 2.2.4 |
| sgi | propack | 2.3 |
| cisco | firewall_services_module | 1.1.2 |
| 4d | webstar | 5.3 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6c |
| stonesoft | stonegate | 2.0.5 |
| redhat | openssl | 0.9.7a-2 |
| cisco | mds_9000 | * |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| sco | openserver | 5.0.7 |
| hp | apache-based_web_server | 2.0.43.00 |
| checkpoint | firewall-1 | 2.0 |
| stonesoft | stonegate | 1.5.17 |
| openssl | openssl | 0.9.6i |
| 4d | webstar | 4.0 |
| avaya | s8700 | r2.0.1 |
| cisco | firewall_services_module | * |
| cisco | firewall_services_module | 1.1.3 |
| 4d | webstar | 5.2.3 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| sgi | propack | 2.4 |
| 4d | webstar | 5.2.2 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | ios | 12.1(11b)e12 |
| cisco | access_registrar | * |
| avaya | s8700 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| securecomputing | sidewinder | 5.2 |
| avaya | sg5 | 4.3 |
| cisco | pix_firewall_software | 6.1(3) |
| cisco | content_services_switch_11500 | * |
| stonesoft | stonegate | 2.0.9 |
| avaya | sg208 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| redhat | linux | 8.0 |
| dell | bsafe_ssl-j | 3.0 |
| hp | wbem | a.01.05.08 |
| novell | edirectory | 8.7 |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | threat_response | * |
| novell | imanager | 1.5 |
| avaya | s8500 | r2.0.1 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| cisco | webns | 7.1_0.2.06 |
| stonesoft | stonegate | 2.0.4 |
| cisco | pix_firewall_software | 6.3(3.109) |
| cisco | pix_firewall_software | 6.0(2) |
| novell | imanager | 2.0 |
| freebsd | freebsd | 5.2.1 |
| cisco | pix_firewall_software | 6.3(1) |
| dell | bsafe_ssl-j | 3.0.1 |
| stonesoft | stonegate | 2.0.8 |
| cisco | pix_firewall_software | 6.0(1) |
| stonesoft | stonebeat_fullcluster | 2.5 |
| hp | wbem | a.02.00.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6k |
| tarantella | tarantella_enterprise | 3.20 |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | vsu | 7500_r2.0.1 |
| securecomputing | sidewinder | 5.2.0.03 |
| openssl | openssl | 0.9.6g |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | next_generation_fp0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| cisco | pix_firewall_software | 6.1(1) |
| cisco | pix_firewall_software | 6.0(4.101) |
| sun | crypto_accelerator_4000 | 1.0 |
| stonesoft | stonegate | 1.7.2 |
| vmware | gsx_server | 2.0 |
| cisco | ios | 12.1(13)e9 |
| openssl | openssl | 0.9.7c |
| novell | edirectory | 8.7.1 |
| avaya | intuity_audix | s3400 |
| cisco | webns | 6.10 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| bluecoat | proxysg | * |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| neoteris | instant_virtual_extranet | 3.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| avaya | vsu | 10000_r2.0.1 |
| novell | edirectory | 8.0 |
| avaya | s8300 | r2.0.0 |
| cisco | webns | 7.10 |
| freebsd | freebsd | 4.8 |
| stonesoft | stonegate | 1.6.3 |
| sco | openserver | 5.0.6 |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | ios | 12.2sy |
| cisco | pix_firewall_software | 6.2 |
| cisco | secure_content_accelerator | 10000 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| cisco | pix_firewall_software | 6.2(2) |
| neoteris | instant_virtual_extranet | 3.3 |
| stonesoft | stonegate | 1.7 |
| freebsd | freebsd | 5.2 |
| checkpoint | vpn-1 | next_generation |
| cisco | css11000_content_services_switch | * |
| freebsd | freebsd | 5.1 |
| novell | edirectory | 8.5.12a |
| stonesoft | stonegate | 2.2 |
| cisco | pix_firewall_software | 6.0 |
| avaya | sg203 | 4.31.29 |
| checkpoint | vpn-1 | next_generation_fp0 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| openssl | openssl | 0.9.6j |
| securecomputing | sidewinder | 5.2.1 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| checkpoint | firewall-1 | * |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| 4d | webstar | 5.3.1 |
| securecomputing | sidewinder | 5.2.0.01 |
| hp | aaa_server | * |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| redhat | openssl | 0.9.6b-3 |
| cisco | application_and_content_networking_software | * |
| dell | bsafe_ssl-j | 3.1 |
| cisco | ios | 12.1(19)e1 |
| hp | wbem | a.02.00.00 |
| cisco | call_manager | * |
| cisco | pix_firewall_software | 6.2(1) |
| novell | edirectory | 8.5 |
| stonesoft | stonegate | 1.6.2 |
| openssl | openssl | 0.9.7a |
| checkpoint | vpn-1 | next_generation_fp1 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | pix_firewall_software | 6.0(3) |
| avaya | vsu | 5000_r2.0.1 |
| stonesoft | stonegate | 2.0.1 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 4.9 |
| cisco | webns | 6.10_b4 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| vmware | gsx_server | 2.5.1 |
| avaya | vsu | 5x |
| cisco | ios | 12.2za |
| stonesoft | stonegate_vpn_client | 1.7 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.7 |
| avaya | vsu | 2000_r2.0.1 |
| stonesoft | stonegate | 2.0.7 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | webns | 7.10_.0.06s |
| stonesoft | servercluster | 2.5.2 |
| avaya | vsu | 5 |
| cisco | ios | 12.1(11b)e14 |
| hp | apache-based_web_server | 2.0.43.04 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| neoteris | instant_virtual_extranet | 3.0 |
| securecomputing | sidewinder | 5.2.0.04 |
| stonesoft | servercluster | 2.5 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | pix_firewall_software | 6.3(2) |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 2.2.1 |
| redhat | linux | 7.2 |
| avaya | vsu | 500 |
| cisco | webns | 7.2_0.0.03 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.4 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | ios | 12.1(11b)e |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| stonesoft | stonegate | 1.7.1 |
| avaya | intuity_audix | s3210 |
| stonesoft | stonegate | 1.5.18 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| cisco | pix_firewall_software | 6.3 |
| cisco | firewall_services_module | 2.1_(0.208) |
| avaya | sg208 | 4.4 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| openssl | openssl | 0.9.6d |
| novell | edirectory | 8.5.27 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| openbsd | openbsd | 3.3 |
| cisco | pix_firewall_software | 6.2(3.100) |
| redhat | linux | 7.3 |
| cisco | gss_4490_global_site_selector | * |
| neoteris | instant_virtual_extranet | 3.2 |
| tarantella | tarantella_enterprise | 3.40 |
| openbsd | openbsd | 3.4 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 3.0_build_7592 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| avaya | intuity_audix | * |
| hp | hp-ux | 8.05 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | intuity_audix | 5.1.46 |
| cisco | ios | 12.1(11)e |
| checkpoint | provider-1 | 4.1 |
| securecomputing | sidewinder | 5.2.0.02 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | firewall_services_module | 1.1_(3.005) |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| cisco | ios | 12.2(14)sy |
| cisco | ciscoworks_common_services | 2.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| openssl | openssl | 0.9.6f |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 11.11 |
| cisco | gss_4480_global_site_selector | * |
| avaya | s8500 | r2.0.0 |
| avaya | sg200 | 4.4 |
| novell | edirectory | 8.6.2 |
| avaya | sg200 | 4.31.29 |
| cisco | pix_firewall | 6.2.2_.111 |
| cisco | pix_firewall_software | 6.1 |
| cisco | pix_firewall_software | 6.3(3.102) |
| stonesoft | stonegate | 2.1 |
| avaya | sg5 | 4.2 |
| stonesoft | stonegate | 2.0.6 |
| cisco | pix_firewall_software | 6.1(4) |
| redhat | openssl | 0.9.6-15 |
| 4d | webstar | 5.2 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | vsu | 100_r2.0.1 |
| 4d | webstar | 5.2.4 |
| checkpoint | firewall-1 | next_generation_fp2 |
| avaya | sg203 | 4.4 |
| avaya | converged_communications_server | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| openssl | openssl | 0.9.6h |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| stonesoft | stonegate | 2.2.4 |
| sgi | propack | 2.3 |
| cisco | firewall_services_module | 1.1.2 |
| 4d | webstar | 5.3 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6c |
| stonesoft | stonegate | 2.0.5 |
| redhat | openssl | 0.9.7a-2 |
| cisco | mds_9000 | * |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| sco | openserver | 5.0.7 |
| hp | apache-based_web_server | 2.0.43.00 |
| checkpoint | firewall-1 | 2.0 |
| stonesoft | stonegate | 1.5.17 |
| openssl | openssl | 0.9.6i |
| 4d | webstar | 4.0 |
| avaya | s8700 | r2.0.1 |
| cisco | firewall_services_module | * |
| cisco | firewall_services_module | 1.1.3 |
| 4d | webstar | 5.2.3 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| sgi | propack | 2.4 |
| 4d | webstar | 5.2.2 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | ios | 12.1(11b)e12 |
| cisco | access_registrar | * |
| avaya | s8700 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| securecomputing | sidewinder | 5.2 |
| avaya | sg5 | 4.3 |
| cisco | pix_firewall_software | 6.1(3) |
| cisco | content_services_switch_11500 | * |
| stonesoft | stonegate | 2.0.9 |
| avaya | sg208 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| redhat | linux | 8.0 |
| dell | bsafe_ssl-j | 3.0 |
| hp | wbem | a.01.05.08 |
| novell | edirectory | 8.7 |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | threat_response | * |
| novell | imanager | 1.5 |
| avaya | s8500 | r2.0.1 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| cisco | webns | 7.1_0.2.06 |
| stonesoft | stonegate | 2.0.4 |
| cisco | pix_firewall_software | 6.3(3.109) |
| cisco | pix_firewall_software | 6.0(2) |
| novell | imanager | 2.0 |
| freebsd | freebsd | 5.2.1 |
| cisco | pix_firewall_software | 6.3(1) |
| dell | bsafe_ssl-j | 3.0.1 |
| stonesoft | stonegate | 2.0.8 |
| cisco | pix_firewall_software | 6.0(1) |
| stonesoft | stonebeat_fullcluster | 2.5 |
| hp | wbem | a.02.00.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6k |
| tarantella | tarantella_enterprise | 3.20 |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | vsu | 7500_r2.0.1 |
| securecomputing | sidewinder | 5.2.0.03 |
| openssl | openssl | 0.9.6g |
| cisco | pix_firewall_software | 6.1(2) |
| forcepoint | stonegate | 2.0.6 |
| checkpoint | firewall-1 | next_generation_fp0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| cisco | pix_firewall_software | 6.1(1) |
| cisco | pix_firewall_software | 6.0(4.101) |
| sun | crypto_accelerator_4000 | 1.0 |
| vmware | gsx_server | 2.0 |
| cisco | ios | 12.1(13)e9 |
| openssl | openssl | 0.9.7c |
| novell | edirectory | 8.7.1 |
| forcepoint | stonegate | 1.7.1 |
| avaya | intuity_audix | s3400 |
| cisco | webns | 6.10 |
| bluecoat | proxysg | * |
| neoteris | instant_virtual_extranet | 3.1 |
| avaya | vsu | 10000_r2.0.1 |
| novell | edirectory | 8.0 |
| avaya | s8300 | r2.0.0 |
| cisco | webns | 7.10 |
| freebsd | freebsd | 4.8 |
| sco | openserver | 5.0.6 |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | ios | 12.2sy |
| cisco | pix_firewall_software | 6.2 |
| forcepoint | stonegate | 2.2.4 |
| forcepoint | stonegate | 1.7.2 |
| cisco | secure_content_accelerator | 10000 |
| cisco | pix_firewall_software | 6.2(2) |
| neoteris | instant_virtual_extranet | 3.3 |
| freebsd | freebsd | 5.2 |
| cisco | css11000_content_services_switch | * |
| freebsd | freebsd | 5.1 |
| novell | edirectory | 8.5.12a |
| cisco | pix_firewall_software | 6.0 |
| avaya | sg203 | 4.31.29 |
| checkpoint | vpn-1 | next_generation_fp0 |
| openssl | openssl | 0.9.6j |
| securecomputing | sidewinder | 5.2.1 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| checkpoint | firewall-1 | * |
| 4d | webstar | 5.3.1 |
| forcepoint | stonegate | 2.0.8 |
| securecomputing | sidewinder | 5.2.0.01 |
| hp | aaa_server | * |
| redhat | openssl | 0.9.6b-3 |
| cisco | application_and_content_networking_software | * |
| dell | bsafe_ssl-j | 3.1 |
| cisco | ios | 12.1(19)e1 |
| hp | wbem | a.02.00.00 |
| cisco | call_manager | * |
| cisco | pix_firewall_software | 6.2(1) |
| novell | edirectory | 8.5 |
| openssl | openssl | 0.9.7a |
| checkpoint | vpn-1 | next_generation_fp1 |
| litespeedtech | litespeed_web_server | 1.0.1 |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | pix_firewall_software | 6.0(3) |
| avaya | vsu | 5000_r2.0.1 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 4.9 |
| cisco | webns | 6.10_b4 |
| vmware | gsx_server | 2.5.1 |
| avaya | vsu | 5x |
| cisco | ios | 12.2za |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.7 |
| avaya | vsu | 2000_r2.0.1 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | webns | 7.10_.0.06s |
| checkpoint | vpn-1 | next_generation_fp2 |
| stonesoft | servercluster | 2.5.2 |
| avaya | vsu | 5 |
| forcepoint | stonegate | 1.7 |
| cisco | ios | 12.1(11b)e14 |
| hp | apache-based_web_server | 2.0.43.04 |
| neoteris | instant_virtual_extranet | 3.0 |
| securecomputing | sidewinder | 5.2.0.04 |
| stonesoft | servercluster | 2.5 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | pix_firewall_software | 6.3(2) |
| avaya | s8300 | r2.0.1 |
| redhat | linux | 7.2 |
| forcepoint | stonegate | 2.0.7 |
| avaya | vsu | 500 |
| cisco | webns | 7.2_0.0.03 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.4 |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | ios | 12.1(11b)e |
| avaya | intuity_audix | s3210 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| cisco | pix_firewall_software | 6.3 |
| cisco | firewall_services_module | 2.1_(0.208) |
| avaya | sg208 | 4.4 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| openssl | openssl | 0.9.6d |
| novell | edirectory | 8.5.27 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| openbsd | openbsd | 3.3 |
| cisco | pix_firewall_software | 6.2(3.100) |
| redhat | linux | 7.3 |
| cisco | gss_4490_global_site_selector | * |
| forcepoint | stonegate | 2.0.4 |
| neoteris | instant_virtual_extranet | 3.2 |
| tarantella | tarantella_enterprise | 3.40 |
| openbsd | openbsd | 3.4 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 3.0_build_7592 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| forcepoint | stonegate | 2.1 |
| avaya | intuity_audix | * |
| hp | hp-ux | 8.05 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | intuity_audix | 5.1.46 |
| cisco | ios | 12.1(11)e |
| checkpoint | provider-1 | 4.1 |
| securecomputing | sidewinder | 5.2.0.02 |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | firewall_services_module | 1.1_(3.005) |
| cisco | ios | 12.2(14)sy |
| cisco | ciscoworks_common_services | 2.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| openssl | openssl | 0.9.6f |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 11.11 |
| cisco | gss_4480_global_site_selector | * |
| avaya | s8500 | r2.0.0 |
| avaya | sg200 | 4.4 |
| novell | edirectory | 8.6.2 |
| avaya | sg200 | 4.31.29 |
| cisco | pix_firewall | 6.2.2_.111 |
| cisco | pix_firewall_software | 6.1 |
| cisco | pix_firewall_software | 6.3(3.102) |
| forcepoint | stonegate | 1.5.18 |
| avaya | sg5 | 4.2 |
| cisco | pix_firewall_software | 6.1(4) |
| redhat | openssl | 0.9.6-15 |
| 4d | webstar | 5.2 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | vsu | 100_r2.0.1 |
| 4d | webstar | 5.2.4 |
| checkpoint | firewall-1 | next_generation_fp2 |
| avaya | sg203 | 4.4 |
| avaya | converged_communications_server | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| openssl | openssl | 0.9.6h |
| forcepoint | stonegate | 1.5.17 |
| sgi | propack | 2.3 |
| cisco | firewall_services_module | 1.1.2 |
| forcepoint | stonegate | 1.6.2 |
| 4d | webstar | 5.3 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6c |
| redhat | openssl | 0.9.7a-2 |
| cisco | mds_9000 | * |
| sco | openserver | 5.0.7 |
| forcepoint | stonegate | 2.2 |
| hp | apache-based_web_server | 2.0.43.00 |
| checkpoint | firewall-1 | 2.0 |
| openssl | openssl | 0.9.6i |
| 4d | webstar | 4.0 |
| avaya | s8700 | r2.0.1 |
| cisco | firewall_services_module | * |
| cisco | firewall_services_module | 1.1.3 |
| 4d | webstar | 5.2.3 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| forcepoint | stonegate | 2.0.1 |
| sgi | propack | 2.4 |
| 4d | webstar | 5.2.2 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | ios | 12.1(11b)e12 |
| cisco | access_registrar | * |
| avaya | s8700 | r2.0.0 |
| securecomputing | sidewinder | 5.2 |
| avaya | sg5 | 4.3 |
| cisco | pix_firewall_software | 6.1(3) |
| cisco | content_services_switch_11500 | * |
| avaya | sg208 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| redhat | linux | 8.0 |
| dell | bsafe_ssl-j | 3.0 |
| hp | wbem | a.01.05.08 |
| novell | edirectory | 8.7 |
| forcepoint | stonegate | 1.6.3 |
| checkpoint | firewall-1 | next_generation_fp1 |
| forcepoint | stonegate | 2.0.5 |
| cisco | threat_response | * |
| novell | imanager | 1.5 |
| avaya | s8500 | r2.0.1 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| cisco | webns | 7.1_0.2.06 |
| cisco | pix_firewall_software | 6.3(3.109) |
| cisco | pix_firewall_software | 6.0(2) |
| forcepoint | stonegate | 2.0.9 |
| novell | imanager | 2.0 |
| freebsd | freebsd | 5.2.1 |
| cisco | pix_firewall_software | 6.3(1) |
| forcepoint | stonegate | 2.2.1 |
| dell | bsafe_ssl-j | 3.0.1 |
| cisco | pix_firewall_software | 6.0(1) |
| stonesoft | stonebeat_fullcluster | 2.5 |
| hp | wbem | a.02.00.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6k |
| tarantella | tarantella_enterprise | 3.20 |
Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1 | vsx_2.0.1 |
| checkpoint | firewall-1 | 2.0 |
| checkpoint | firewall-1 | 2.0.1 |
| checkpoint | firewall-1 | * |
| checkpoint | ng-ai | r54 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| checkpoint | ng-ai | r55 |
| checkpoint | next_generation | * |
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.1 |
| checkpoint | vpn-1 | * |
Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1 | 4.0 |
| checkpoint | firewall-1 | 4.1 |
| checkpoint | firewall-1 | r55 |
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | check_point_integrity_client | * |
| zonelabs | zonealarm | 5.5.062.011 |
| checkpoint | check_point_integrity_client | 4.5.122.000 |
| zonelabs | zonealarm_wireless_security | * |
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | connectra_ngx | r60 |
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
| checkpoint | zonealarm_security_suite | 6.5.737 |
| checkpoint | zonealarm_security_suite | 5.5.062.004 |
The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1 | ngx_r60 |
| checkpoint | vpn-1_firewall-1_next_generation | r55w |
| checkpoint | firewall-1 | 3.0 |
| checkpoint | express | ci_r57 |
| checkpoint | vpn-1_firewall-1_next_generation | r55 |
| checkpoint | check_point | * |
| checkpoint | vpn-1_firewall-1_next_generation | r55p |
| checkpoint | vpn-1_firewall-1_next_generation | r54 |
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | secureclient_ng | * |
| checkpoint | vpn-1_secureclient | 4.1 |
| checkpoint | secureclient_ng | r56 |
| checkpoint | vpn-1_secureclient | 4.0 |
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1 | 4.1 |
| checkpoint | vpn-1 | * |
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1_secureclient | ngx_r60 |
| checkpoint | vpn-1_secureclient | ngai_r56 |
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | firewall-1_pki_web_service | - |
Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_extreme_security | 9.1.507.000 |
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | vpn-1_firewall-1_vsx | r67 |
| checkpoint | vpn-1 | r71.30 |
| checkpoint | connectra_ngx | r66.1n |
| checkpoint | vpn-1 | r75 |
| checkpoint | vpn-1 | r65.70 |
| checkpoint | connectra_ngx | r66.1 |
| checkpoint | vpn-1 | r70.40 |
| checkpoint | vpn-1_firewall-1_vsx | r65.20 |
Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | multi-domain_management/provider-1 | ngx_smartcenter |
| checkpoint | multi-domain_management/provider-1 | ngx_r65 |
| checkpoint | multi-domain_management/provider-1 | ngx_r75 |
| checkpoint | multi-domain_management/provider-1 | ngx_r70 |
| checkpoint | multi-domain_management/provider-1 | ngx_r71 |
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e80.10 |
| checkpoint | endpoint_connect | r73 |
| checkpoint | endpoint_security | r73 |
| checkpoint | remote_access_clients | e75 |
| checkpoint | remote_access_clients | e75.10 |
| checkpoint | endpoint_security | e80 |
| checkpoint | endpoint_security | e80.30 |
| checkpoint | endpoint_security_vpn | r75 |
| checkpoint | endpoint_security | e80.20 |
| checkpoint | remote_access_clients | e75.20 |
Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e80.10 |
| checkpoint | endpoint_security | e80.41 |
| checkpoint | endpoint_security | e80.40 |
| checkpoint | endpoint_security | e80 |
| checkpoint | endpoint_security | e80.30 |
| checkpoint | endpoint_security | e80.20 |
| checkpoint | endpoint_security | e80.50 |
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e80.10 |
| checkpoint | endpoint_security | e80.41 |
| checkpoint | endpoint_security | e80.40 |
| checkpoint | endpoint_security | e80 |
| checkpoint | endpoint_security | e80.30 |
| checkpoint | endpoint_security | e80.20 |
| checkpoint | endpoint_security | e80.50 |
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security_mi_server_r73 | * |
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | ipso_os | 6.2 |
| checkpoint | gaia_os | r76.0 |
| checkpoint | gaia_os | r75.0 |
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | security_gateway | r71.00 |
| checkpoint | security_gateway | r75.20 |
| checkpoint | security_gateway | r71.45 |
Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | management_server | r75.47 |
| checkpoint | security_gateway | r75.47 |
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | session_authentication_agent | - |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| ibm | workload_deployer | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| redhat | enterprise_linux | 7.0 |
| vmware | vcenter_server_appliance | 5.1 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| redhat | enterprise_linux_server | 6.0 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | big-ip_webaccelerator | * |
| opensuse | opensuse | 13.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | storwize_v7000_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| novell | zenworks_configuration_management | 10.3 |
| redhat | enterprise_linux_desktop | 6.0 |
| vmware | esx | 4.0 |
| suse | linux_enterprise_desktop | 11 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux | 5.0 |
| citrix | netscaler_sdx_firmware | * |
| mageia | mageia | 3.0 |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_wan_optimization_manager | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| redhat | virtualization | 3.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| f5 | big-ip_analytics | * |
| f5 | enterprise_manager | * |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| f5 | big-ip_access_policy_manager | * |
| f5 | big-ip_advanced_firewall_manager | * |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| f5 | big-ip_application_security_manager | * |
| qnap | qts | 4.1.1 |
| ibm | san_volume_controller_firmware | * |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| novell | open_enterprise_server | 2.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_eus | 6.5 |
| mageia | mageia | 4.0 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| debian | debian_linux | 7.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| canonical | ubuntu_linux | 10.04 |
| vmware | esx | 4.1 |
| oracle | linux | 4 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_server_aus | 7.6 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| redhat | enterprise_linux_server_aus | 6.5 |
| f5 | big-ip_global_traffic_manager | * |
| arista | eos | * |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| apple | mac_os_x | * |
| suse | linux_enterprise_software_development_kit | 12 |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.4 |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| redhat | enterprise_linux_server_tus | 6.5 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| redhat | enterprise_linux_eus | 6.4 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| opensuse | opensuse | 13.2 |
| novell | zenworks_configuration_management | 11.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| novell | open_enterprise_server | 11.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| oracle | linux | 5 |
| f5 | traffix_signaling_delivery_controller | * |
| ibm | storwize_v3500_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| f5 | big-iq_device | * |
| ibm | pureapplication_system | * |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| checkpoint | security_gateway | * |
| f5 | big-ip_application_acceleration_manager | * |
| f5 | big-ip_analytics | 11.6.0 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| f5 | big-ip_link_controller | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| f5 | big-ip_local_traffic_manager | * |
| qnap | qts | * |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| redhat | enterprise_linux | 4.0 |
| suse | linux_enterprise_server | 10 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux_server | 5.0 |
| opensuse | opensuse | 12.3 |
| gnu | bash | * |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| vmware | vcenter_server_appliance | 5.0 |
| f5 | big-ip_policy_enforcement_manager | * |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-iq_security | * |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| ibm | smartcloud_provisioning | 2.1.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| vmware | vcenter_server_appliance | 5.5 |
| canonical | ubuntu_linux | 14.04 |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| redhat | enterprise_linux_server_aus | 5.6 |
| f5 | big-iq_cloud | * |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| oracle | linux | 6 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_protocol_security_module | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| redhat | enterprise_linux_eus | 7.4 |
| f5 | big-ip_link_controller | 11.6.0 |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| redhat | enterprise_linux_server_tus | 7.3 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux_eus | 7.5 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| ibm | storwize_v5000_firmware | * |
| f5 | arx_firmware | * |
| redhat | enterprise_linux_server_aus | 5.9 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_desktop | 12 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| ibm | stn6500_firmware | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux | 6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| redhat | enterprise_linux_eus | 7.3 |
| novell | zenworks_configuration_management | 11 |
| ibm | stn6800_firmware | * |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| ibm | workload_deployer | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| redhat | enterprise_linux | 7.0 |
| vmware | vcenter_server_appliance | 5.1 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| redhat | enterprise_linux_server | 6.0 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | big-ip_webaccelerator | * |
| opensuse | opensuse | 13.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | storwize_v7000_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| novell | zenworks_configuration_management | 10.3 |
| redhat | enterprise_linux_desktop | 6.0 |
| vmware | esx | 4.0 |
| suse | linux_enterprise_desktop | 11 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux | 5.0 |
| citrix | netscaler_sdx_firmware | * |
| mageia | mageia | 3.0 |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_wan_optimization_manager | * |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| redhat | virtualization | 3.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| f5 | big-ip_analytics | * |
| f5 | enterprise_manager | * |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| f5 | big-ip_access_policy_manager | * |
| f5 | big-ip_advanced_firewall_manager | * |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| f5 | big-ip_application_security_manager | * |
| qnap | qts | 4.1.1 |
| ibm | san_volume_controller_firmware | * |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| novell | open_enterprise_server | 2.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_eus | 6.5 |
| mageia | mageia | 4.0 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| debian | debian_linux | 7.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| canonical | ubuntu_linux | 10.04 |
| vmware | esx | 4.1 |
| oracle | linux | 4 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_server_aus | 7.6 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| redhat | enterprise_linux_server_aus | 6.5 |
| f5 | big-ip_global_traffic_manager | * |
| arista | eos | * |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| apple | mac_os_x | * |
| suse | linux_enterprise_software_development_kit | 12 |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.4 |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| redhat | enterprise_linux_server_tus | 6.5 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| redhat | enterprise_linux_eus | 6.4 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| opensuse | opensuse | 13.2 |
| novell | zenworks_configuration_management | 11.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| novell | open_enterprise_server | 11.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| oracle | linux | 5 |
| f5 | traffix_signaling_delivery_controller | * |
| ibm | storwize_v3500_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| f5 | big-iq_device | * |
| ibm | pureapplication_system | * |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| checkpoint | security_gateway | * |
| f5 | big-ip_application_acceleration_manager | * |
| f5 | big-ip_analytics | 11.6.0 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| f5 | big-ip_link_controller | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| f5 | big-ip_local_traffic_manager | * |
| qnap | qts | * |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| redhat | enterprise_linux | 4.0 |
| suse | linux_enterprise_server | 10 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux_server | 5.0 |
| opensuse | opensuse | 12.3 |
| gnu | bash | * |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| vmware | vcenter_server_appliance | 5.0 |
| f5 | big-ip_policy_enforcement_manager | * |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-iq_security | * |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| ibm | smartcloud_provisioning | 2.1.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| vmware | vcenter_server_appliance | 5.5 |
| canonical | ubuntu_linux | 14.04 |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| redhat | enterprise_linux_server_aus | 5.6 |
| f5 | big-iq_cloud | * |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| oracle | linux | 6 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_protocol_security_module | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| redhat | enterprise_linux_eus | 7.4 |
| f5 | big-ip_link_controller | 11.6.0 |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| redhat | enterprise_linux_server_tus | 7.3 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux_eus | 7.5 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| ibm | storwize_v5000_firmware | * |
| f5 | arx_firmware | * |
| redhat | enterprise_linux_server_aus | 5.9 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_desktop | 12 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| ibm | stn6500_firmware | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux | 6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| redhat | enterprise_linux_eus | 7.3 |
| novell | zenworks_configuration_management | 11 |
| ibm | stn6800_firmware | * |
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | security_gateway | r77 |
| checkpoint | security_gateway | r77.10 |
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | security_gateway | r75 |
| checkpoint | security_gateway | r76 |
| checkpoint | security_gateway | r77 |
| checkpoint | security_gateway | r77.10 |
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | security_gateway | r75.47 |
| checkpoint | security_gateway | r76 |
| checkpoint | security_gateway | r77 |
| checkpoint | security_gateway | r75.45 |
| checkpoint | security_gateway | r75.46 |
| checkpoint | security_gateway | r77.10 |
| checkpoint | security_gateway | r75.40 |
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-65,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
| checkpoint | endpoint_security | * |
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
CVSS 2.0
Severity: LOW
Problem Type: CWE-114,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-65,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | * |
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-65,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | ipsec_vpn | r80.20 |
| checkpoint | ipsec_vpn | r80.10 |
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.7 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-114,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security_clients | * |
| checkpoint | capsule_docs | * |
| checkpoint | remote_access_clients | * |
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security_clients | * |
| checkpoint | capsule_docs_standalone_client | * |
| checkpoint | smartconsole_for_endpoint_security_server | e80.83 |
| checkpoint | jumbo_hotfix_for_endpoint_security_server | * |
| checkpoint | smartconsole_for_endpoint_security_server | * |
| checkpoint | remote_access_clients | * |
| checkpoint | endpoint_security_server_package | * |
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-114,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | capsule_docs_standalone_client | * |
| checkpoint | endpoint_security | * |
| checkpoint | remote_access_clients | * |
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | security_gateway | r80.30 |
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security_clients | * |
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_anti-ransomware | * |
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-65,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_extreme_security | * |
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-114,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | * |
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e84.10 |
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | ica_management_portal | r80.30 |
| checkpoint | ica_management_portal | * |
| checkpoint | ica_management_portal | r80.20 |
| checkpoint | ica_management_portal | r80.40 |
| checkpoint | ica_management_portal | r80.10 |
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | * |
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-275,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-114,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | smartconsole | r80.30 |
| checkpoint | smartconsole | * |
| checkpoint | smartconsole | r80.20 |
| checkpoint | smartconsole | r81 |
| checkpoint | smartconsole | r80.40 |
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | identity_agent | * |
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | ssl_network_extender | r80.30 |
| checkpoint | ssl_network_extender | r80.20 |
| checkpoint | ssl_network_extender | r80.40 |
| checkpoint | ssl_network_extender | r81 |
| checkpoint | ssl_network_extender | r80.10 |
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | mobile_access_portal_agent | r80.40 |
| checkpoint | mobile_access_portal_agent | r81 |
| checkpoint | mobile_access_portal_agent | r80.20 |
| checkpoint | mobile_access_portal_agent | r80.30 |
| checkpoint | mobile_access_portal_agent | r81.10 |
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | sandblast_agent_for_browsers | * |
| checkpoint | harmony_browse | * |
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | * |
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | gaia_os | - |
| checkpoint | gaia_portal | * |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| siemens | simatic_s7-1200_cpu_1212fc_firmware | * |
| oracle | mysql_connectors | * |
| siemens | simatic_pdm_firmware | * |
| siemens | sinema_server | 14.0 |
| siemens | simatic_net_cp_1243-1_firmware | * |
| netapp | oncommand_workflow_automation | - |
| siemens | scalance_s615_firmware | * |
| oracle | enterprise_manager_for_storage_management | 13.4.0.0 |
| siemens | simatic_rf185c_firmware | * |
| siemens | simatic_net_cp_1542sp-1_irc_firmware | * |
| siemens | simatic_s7-1200_cpu_1212c_firmware | * |
| siemens | simatic_process_historian_opc_ua_server_firmware | * |
| oracle | graalvm | 19.3.5 |
| siemens | scalance_xr528-6m_firmware | * |
| siemens | simatic_wincc_telecontrol | - |
| netapp | santricity_smi-s_provider | - |
| mcafee | web_gateway | 8.2.19 |
| siemens | scalance_w700_firmware | * |
| siemens | scalance_xb-200_firmware | * |
| checkpoint | quantum_security_gateway_firmware | r80.40 |
| mcafee | web_gateway | 9.2.10 |
| tenable | tenable.sc | * |
| siemens | simatic_cp_1242-7_gprs_v2_firmware | * |
| sonicwall | sonicos | 7.0.1.0 |
| siemens | simatic_logon | * |
| siemens | simatic_rf188ci_firmware | * |
| netapp | storagegrid | - |
| siemens | scalance_xr524-8c_firmware | * |
| tenable | log_correlation_engine | * |
| siemens | scalance_xr-300wg_firmware | * |
| siemens | scalance_xr552-12_firmware | * |
| siemens | simatic_cloud_connect_7_firmware | - |
| checkpoint | quantum_security_management_firmware | r81 |
| siemens | sinec_infrastructure_network_services | * |
| siemens | sinumerik_opc_ua_server | * |
| tenable | nessus_network_monitor | 5.11.0 |
| netapp | active_iq_unified_manager | - |
| siemens | simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware | * |
| oracle | jd_edwards_enterpriseone_tools | * |
| nodejs | node.js | * |
| siemens | simatic_net_cp1243-7_lte_eu_firmware | * |
| siemens | simatic_mv500_firmware | * |
| siemens | ruggedcom_rcm1224_firmware | * |
| siemens | tia_administrator | * |
| siemens | simatic_s7-1200_cpu_1214c_firmware | * |
| siemens | simatic_wincc_runtime_advanced | * |
| siemens | simatic_cp_1242-7_gprs_v2_firmware | - |
| siemens | scalance_xf-200ba_firmware | * |
| siemens | simatic_pcs_neo_firmware | * |
| checkpoint | quantum_security_management_firmware | r80.40 |
| siemens | tim_1531_irc_firmware | * |
| siemens | simatic_net_cp_1545-1_firmware | * |
| siemens | sinec_pni | - |
| netapp | snapcenter | - |
| oracle | primavera_unifier | 19.12 |
| tenable | nessus | * |
| tenable | nessus_network_monitor | 5.12.0 |
| siemens | simatic_s7-1200_cpu_1215_fc_firmware | * |
| siemens | simatic_hmi_basic_panels_2nd_generation_firmware | * |
| siemens | simatic_net_cp_1243-8_irc_firmware | * |
| siemens | scalance_s602_firmware | * |
| oracle | zfs_storage_appliance_kit | 8.8 |
| siemens | scalance_xc-200_firmware | * |
| siemens | sinamics_connect_300_firmware | * |
| mcafee | web_gateway_cloud_service | 9.2.10 |
| siemens | simatic_rf186ci_firmware | * |
| oracle | mysql_server | * |
| siemens | scalance_m-800_firmware | * |
| siemens | simatic_s7-1200_cpu_1215c_firmware | * |
| siemens | simatic_hmi_comfort_outdoor_panels_firmware | * |
| siemens | scalance_s627-2m_firmware | * |
| netapp | oncommand_insight | - |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| debian | debian_linux | 9.0 |
| sonicwall | sma100_firmware | * |
| oracle | essbase | 21.2 |
| freebsd | freebsd | 12.2 |
| siemens | scalance_lpe9403_firmware | * |
| mcafee | web_gateway_cloud_service | 8.2.19 |
| siemens | simatic_rf166c_firmware | * |
| siemens | simatic_rf360r_firmware | * |
| checkpoint | quantum_security_gateway_firmware | r81 |
| mcafee | web_gateway_cloud_service | 10.1.1 |
| openssl | openssl | * |
| tenable | nessus_network_monitor | 5.13.0 |
| oracle | graalvm | 21.0.0.2 |
| siemens | sinec_nms | 1.0 |
| siemens | scalance_s612_firmware | * |
| siemens | scalance_sc-600_firmware | * |
| oracle | mysql_workbench | * |
| siemens | simatic_rf186c_firmware | * |
| checkpoint | multi-domain_management_firmware | r80.40 |
| siemens | simatic_s7-1200_cpu_1214_fc_firmware | * |
| sonicwall | capture_client | 3.5 |
| tenable | nessus_network_monitor | 5.12.1 |
| siemens | simatic_net_cp_1543-1_firmware | * |
| oracle | graalvm | 20.3.1.2 |
| siemens | simatic_s7-1200_cpu_1211c_firmware | * |
| debian | debian_linux | 10.0 |
| siemens | scalance_s623_firmware | * |
| siemens | simatic_cloud_connect_7_firmware | * |
| siemens | simatic_net_cp1243-7_lte_us_firmware | * |
| siemens | simatic_pcs_7_telecontrol_firmware | * |
| netapp | ontap_select_deploy_administration_utility | - |
| oracle | peoplesoft_enterprise_peopletools | 8.59 |
| netapp | cloud_volumes_ontap_mediator | - |
| siemens | scalance_xm-400_firmware | * |
| oracle | secure_backup | * |
| siemens | simatic_hmi_ktp_mobile_panels_firmware | * |
| fedoraproject | fedora | 34 |
| siemens | scalance_w1700_firmware | * |
| siemens | scalance_xp-200_firmware | * |
| oracle | secure_global_desktop | 5.6 |
| oracle | jd_edwards_world_security | a9.4 |
| oracle | communications_communications_policy_management | 12.6.0.0.0 |
| oracle | primavera_unifier | 20.12 |
| siemens | simatic_s7-1200_cpu_1217c_firmware | * |
| oracle | primavera_unifier | 21.12 |
| checkpoint | multi-domain_management_firmware | r81 |
| siemens | simatic_rf188c_firmware | * |
| oracle | primavera_unifier | * |
| netapp | e-series_performance_analyzer | - |
| siemens | scalance_xr526-8c_firmware | * |
| tenable | nessus_network_monitor | 5.11.1 |
| mcafee | web_gateway | 10.1.1 |
| siemens | simatic_logon | 1.5 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| siemens | simatic_net_cp_1543sp-1_firmware | * |
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-65,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | * |
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,CWE-269,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 0.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-470,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e85 |
| checkpoint | endpoint_security | e86.30 |
| checkpoint | harmony_endpoint | e86.10 |
| checkpoint | endpoint_security | e83 |
| checkpoint | harmony_endpoint | e83 |
| checkpoint | harmony_endpoint | e85 |
| checkpoint | endpoint_security | e86.40 |
| checkpoint | harmony_endpoint | e84 |
| checkpoint | harmony_endpoint | e86.30 |
| checkpoint | harmony_endpoint | e86.20 |
| checkpoint | harmony_endpoint | e86.40 |
| checkpoint | endpoint_security | e86.20 |
| checkpoint | endpoint_security | e86.10 |
| checkpoint | endpoint_security | e84 |
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | capsule_workspace | * |
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | ssl_network_extender | r80.30 |
| checkpoint | ssl_network_extender | r80.20 |
| checkpoint | ssl_network_extender | r80.40 |
| checkpoint | ssl_network_extender | r81.10 |
| checkpoint | ssl_network_extender | r80.20sp |
| checkpoint | ssl_network_extender | r80.30sp |
| checkpoint | ssl_network_extender | r81 |
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm | * |
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | gaia_portal | r81.10 |
| checkpoint | gaia_portal | r81.20 |
| checkpoint | gaia_portal | r80.40 |
| checkpoint | gaia_portal | r81 |
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e87.30 |
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | endpoint_security | e85 |
| checkpoint | endpoint_security | e86 |
| checkpoint | endpoint_security | e84 |
A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_extreme_security | * |
| checkpoint | identity_agent | * |
| checkpoint | zonealarm_extreme_security_nextgen | * |
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | gaia_os | r81.20 |
| checkpoint | gaia_os | r82 |
| checkpoint | gaia_os | r81 |
| checkpoint | gaia_os | r81.10 |
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | harmony_endpoint | * |
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | gaia_os | r81.20 |
| checkpoint | gaia_os | r81 |
| checkpoint | gaia_os | r81.10 |
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | smartconsole | r82 |
| checkpoint | smartconsole | r81.10 |
| checkpoint | smartconsole | r81.20 |
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | smartconsole | r81.10 |
| checkpoint | smartconsole | r81.20 |
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
| nvd@nist.gov | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | cloudguard_network_security | r81 |
| checkpoint | quantum_spark_firmware | r81 |
| checkpoint | quantum_security_gateway_firmware | r81.0 |
| checkpoint | quantum_security_gateway_firmware | r81 |
| checkpoint | cloudguard_network_security | r81.0 |
| checkpoint | quantum_spark_firmware | r80.20 |
| checkpoint | quantum_security_gateway_firmware | r81.20 |
| checkpoint | cloudguard_network_security | r81.20 |
| checkpoint | cloudguard_network_security | r80.40 |
| checkpoint | quantum_security_gateway_firmware | r81.10 |
| checkpoint | quantum_spark_firmware | r81.10 |
| checkpoint | quantum_spark_firmware | r80.40 |
| checkpoint | quantum_security_gateway_firmware | r80.40 |
| checkpoint | cloudguard_network_security | r81.10 |
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | mobile_access | - |
| checkpoint | remote_access_vpn | - |
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 3.5 | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 2.1 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | mobile_access | - |
| checkpoint | remote_access_vpn | - |
For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@checkpoint.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | mobile_access | - |
| checkpoint | remote_access_vpn | - |
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | zonealarm_extreme_security | 4.0.148.0 |
| checkpoint | zonealarm_extreme_security_nextgen | 4.0.148 |
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
| cve@checkpoint.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L | 2.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | log_server | r81.20 |
| checkpoint | log_server | r82 |
| checkpoint | log_server | r81.10 |
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| cve@checkpoint.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkpoint | harmony_sase | - |