MidnightBSD

Advisories for checkpoint

CVE-1999-0675 MEDIUM

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
CVE-1999-0770 LOW

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
CVE-1999-0895 HIGH

Firewall-1 does not properly restrict access to LDAP attributes.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
CVE-1999-1204 HIGH

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 *
CVE-2000-0116 HIGH

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
CVE-2000-0150 HIGH

Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
cisco pix_firewall_software 4.1(6)
cisco pix_firewall_software 4.3
cisco pix_firewall_software 4.2(1)
cisco pix_firewall_software 4.2(2)
cisco pix_firewall_software 5.0
cisco pix_firewall_software 4.1(6b)
cisco pix_firewall_software 4.4(4)
CVE-2000-0181 MEDIUM

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0482 MEDIUM

Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0582 MEDIUM

Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0779 HIGH

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0804 HIGH

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0805 HIGH

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0806 MEDIUM

The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0807 HIGH

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0808 HIGH

The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0809 MEDIUM

Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-0813 MEDIUM

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-1032 MEDIUM

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
CVE-2000-1037 HIGH

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2000-1201 MEDIUM

Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 *
CVE-2001-0082 HIGH

Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
CVE-2001-0182 MEDIUM

FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
CVE-2001-0682 LOW

ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
checkpoint zonealarm_pro *
zonelabs zonealarm *
CVE-2001-0940 HIGH

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2001-1101 MEDIUM

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2001-1102 MEDIUM

Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2001-1158 HIGH

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
checkpoint firewall-1 4.1_build_41439
CVE-2001-1171 HIGH

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 3.0b
CVE-2001-1176 HIGH

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
checkpoint provider-1 4.1
checkpoint vpn-1 4.1
CVE-2001-1303 MEDIUM

The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2001-1431 MEDIUM

Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nokia firewall_appliance ipso_3.3
nokia firewall_appliance ipso_3.4
checkpoint firewall-1 4.1
checkpoint vpn-1 4.1
nokia firewall_appliance ipso_3.41
CVE-2001-1499 MEDIUM

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint vpn-1 4.1
CVE-2002-0428 HIGH

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
checkpoint check_point_vpn 1_4.1
checkpoint check_point_vpn 1_4.1_sp2
checkpoint check_point_vpn 1_4.1_sp3
checkpoint check_point_vpn 1_4.1_sp4
checkpoint check_point_vpn 1_4.1_sp1
checkpoint next_generation *
CVE-2002-1623 MEDIUM

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint vpn-1_firewall-1 4.0
checkpoint vpn-1_firewall-1 4.1
CVE-2002-2405 MEDIUM

Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
checkpoint firewall-1 ng
checkpoint firewall-1 4.1
CVE-2003-0757 MEDIUM

Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
CVE-2004-0039 HIGH

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 *
CVE-2004-0040 HIGH

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
checkpoint firewall-1 next_generation_fp1
checkpoint vpn-1 4.1
checkpoint firewall-1 next_generation_fp0
checkpoint vpn-1 next_generation_fp0
checkpoint vpn-1 next_generation_fp1
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
avaya vsu 7500_r2.0.1
securecomputing sidewinder 5.2.0.03
openssl openssl 0.9.6g
cisco pix_firewall_software 6.1(2)
checkpoint firewall-1 next_generation_fp0
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco pix_firewall_software 6.1(1)
cisco pix_firewall_software 6.0(4.101)
sun crypto_accelerator_4000 1.0
stonesoft stonegate 1.7.2
vmware gsx_server 2.0
cisco ios 12.1(13)e9
openssl openssl 0.9.7c
novell edirectory 8.7.1
avaya intuity_audix s3400
cisco webns 6.10
lite speed_technologies_litespeed_web_server 1.2.2
bluecoat proxysg *
stonesoft stonegate_vpn_client 2.0.8
neoteris instant_virtual_extranet 3.1
lite speed_technologies_litespeed_web_server 1.3_rc3
avaya vsu 10000_r2.0.1
novell edirectory 8.0
avaya s8300 r2.0.0
cisco webns 7.10
freebsd freebsd 4.8
stonesoft stonegate 1.6.3
sco openserver 5.0.6
tarantella tarantella_enterprise 3.30
cisco ios 12.2sy
cisco pix_firewall_software 6.2
cisco secure_content_accelerator 10000
stonesoft stonegate_vpn_client 1.7.2
cisco pix_firewall_software 6.2(2)
neoteris instant_virtual_extranet 3.3
stonesoft stonegate 1.7
freebsd freebsd 5.2
cisco css11000_content_services_switch *
freebsd freebsd 5.1
novell edirectory 8.5.12a
stonesoft stonegate 2.2
cisco pix_firewall_software 6.0
avaya sg203 4.31.29
checkpoint vpn-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.3.1
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.1
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_3.0
checkpoint firewall-1 *
lite speed_technologies_litespeed_web_server 1.2_rc1
4d webstar 5.3.1
securecomputing sidewinder 5.2.0.01
hp aaa_server *
lite speed_technologies_litespeed_web_server 1.1
redhat openssl 0.9.6b-3
cisco application_and_content_networking_software *
dell bsafe_ssl-j 3.1
cisco ios 12.1(19)e1
hp wbem a.02.00.00
cisco call_manager *
cisco pix_firewall_software 6.2(1)
novell edirectory 8.5
stonesoft stonegate 1.6.2
openssl openssl 0.9.7a
checkpoint vpn-1 next_generation_fp1
stonesoft stonegate_vpn_client 2.0.7
cisco pix_firewall_software 6.1(5)
cisco pix_firewall_software 6.0(3)
avaya vsu 5000_r2.0.1
stonesoft stonegate 2.0.1
redhat enterprise_linux 3.0
freebsd freebsd 4.9
cisco webns 6.10_b4
lite speed_technologies_litespeed_web_server 1.1.1
vmware gsx_server 2.5.1
avaya vsu 5x
cisco ios 12.2za
stonesoft stonegate_vpn_client 1.7
bluecoat cacheos_ca_sa 4.1.12
hp hp-ux 11.00
openssl openssl 0.9.7
avaya vsu 2000_r2.0.1
stonesoft stonegate 2.0.7
cisco pix_firewall_software 6.2(3)
cisco webns 7.10_.0.06s
checkpoint vpn-1 next_generation_fp2
stonesoft servercluster 2.5.2
avaya vsu 5
cisco ios 12.1(11b)e14
hp apache-based_web_server 2.0.43.04
lite speed_technologies_litespeed_web_server 1.2.1
neoteris instant_virtual_extranet 3.0
securecomputing sidewinder 5.2.0.04
stonesoft servercluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.3(2)
avaya s8300 r2.0.1
stonesoft stonegate 2.2.1
redhat linux 7.2
avaya vsu 500
cisco webns 7.2_0.0.03
securecomputing sidewinder 5.2.1.02
avaya sg5 4.4
lite speed_technologies_litespeed_web_server 1.0.1
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.2_rc2
stonesoft stonegate 1.7.1
avaya intuity_audix s3210
stonesoft stonegate 1.5.18
neoteris instant_virtual_extranet 3.3.1
sgi propack 3.0
cisco okena_stormwatch 3.2
cisco pix_firewall_software 6.3
cisco firewall_services_module 2.1_(0.208)
avaya sg208 4.4
bluecoat cacheos_ca_sa 4.1.10
openssl openssl 0.9.6d
novell edirectory 8.5.27
symantec clientless_vpn_gateway_4400 5.0
openbsd openbsd 3.3
cisco pix_firewall_software 6.2(3.100)
redhat linux 7.3
cisco gss_4490_global_site_selector *
neoteris instant_virtual_extranet 3.2
tarantella tarantella_enterprise 3.40
openbsd openbsd 3.4
cisco ios 12.2(14)sy1
vmware gsx_server 3.0_build_7592
hp hp-ux 11.23
4d webstar 5.2.1
avaya intuity_audix *
hp hp-ux 8.05
cisco css_secure_content_accelerator 1.0
avaya intuity_audix 5.1.46
cisco ios 12.1(11)e
checkpoint provider-1 4.1
securecomputing sidewinder 5.2.0.02
lite speed_technologies_litespeed_web_server 1.3
vmware gsx_server 2.0.1_build_2129
cisco firewall_services_module 1.1_(3.005)
stonesoft stonegate_vpn_client 2.0.9
cisco ios 12.2(14)sy
cisco ciscoworks_common_services 2.2
redhat enterprise_linux_desktop 3.0
openssl openssl 0.9.6f
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco gss_4480_global_site_selector *
avaya s8500 r2.0.0
avaya sg200 4.4
novell edirectory 8.6.2
avaya sg200 4.31.29
cisco pix_firewall 6.2.2_.111
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.3(3.102)
stonesoft stonegate 2.1
avaya sg5 4.2
stonesoft stonegate 2.0.6
cisco pix_firewall_software 6.1(4)
redhat openssl 0.9.6-15
4d webstar 5.2
stonesoft stonegate_vpn_client 2.0
cisco pix_firewall_software 6.0(4)
avaya vsu 100_r2.0.1
4d webstar 5.2.4
checkpoint firewall-1 next_generation_fp2
avaya sg203 4.4
avaya converged_communications_server 2.0
stonesoft stonebeat_fullcluster 2.0
openssl openssl 0.9.6h
lite speed_technologies_litespeed_web_server 1.3_rc2
stonesoft stonegate 2.2.4
sgi propack 2.3
cisco firewall_services_module 1.1.2
4d webstar 5.3
apple mac_os_x 10.3.3
openssl openssl 0.9.6c
stonesoft stonegate 2.0.5
redhat openssl 0.9.7a-2
cisco mds_9000 *
lite speed_technologies_litespeed_web_server 1.0.3
sco openserver 5.0.7
hp apache-based_web_server 2.0.43.00
checkpoint firewall-1 2.0
stonesoft stonegate 1.5.17
openssl openssl 0.9.6i
4d webstar 4.0
avaya s8700 r2.0.1
cisco firewall_services_module *
cisco firewall_services_module 1.1.3
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_2.0
vmware gsx_server 2.5.1_build_5336
sgi propack 2.4
4d webstar 5.2.2
openssl openssl 0.9.6e
stonesoft stonebeat_webcluster 2.0
cisco ios 12.1(11b)e12
cisco access_registrar *
avaya s8700 r2.0.0
lite speed_technologies_litespeed_web_server 1.0.2
securecomputing sidewinder 5.2
avaya sg5 4.3
cisco pix_firewall_software 6.1(3)
cisco content_services_switch_11500 *
stonesoft stonegate 2.0.9
avaya sg208 *
stonesoft stonebeat_webcluster 2.5
redhat linux 8.0
dell bsafe_ssl-j 3.0
hp wbem a.01.05.08
novell edirectory 8.7
checkpoint firewall-1 next_generation_fp1
cisco threat_response *
novell imanager 1.5
avaya s8500 r2.0.1
stonesoft stonebeat_securitycluster 2.5
cisco ciscoworks_common_management_foundation 2.1
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco webns 7.1_0.2.06
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.3(3.109)
cisco pix_firewall_software 6.0(2)
novell imanager 2.0
freebsd freebsd 5.2.1
cisco pix_firewall_software 6.3(1)
dell bsafe_ssl-j 3.0.1
stonesoft stonegate 2.0.8
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_fullcluster 2.5
hp wbem a.02.00.01
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6k
tarantella tarantella_enterprise 3.20
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya vsu 7500_r2.0.1
securecomputing sidewinder 5.2.0.03
openssl openssl 0.9.6g
cisco pix_firewall_software 6.1(2)
checkpoint firewall-1 next_generation_fp0
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco pix_firewall_software 6.1(1)
cisco pix_firewall_software 6.0(4.101)
sun crypto_accelerator_4000 1.0
stonesoft stonegate 1.7.2
vmware gsx_server 2.0
cisco ios 12.1(13)e9
openssl openssl 0.9.7c
novell edirectory 8.7.1
avaya intuity_audix s3400
cisco webns 6.10
lite speed_technologies_litespeed_web_server 1.2.2
bluecoat proxysg *
stonesoft stonegate_vpn_client 2.0.8
neoteris instant_virtual_extranet 3.1
lite speed_technologies_litespeed_web_server 1.3_rc3
avaya vsu 10000_r2.0.1
novell edirectory 8.0
avaya s8300 r2.0.0
cisco webns 7.10
freebsd freebsd 4.8
stonesoft stonegate 1.6.3
sco openserver 5.0.6
tarantella tarantella_enterprise 3.30
cisco ios 12.2sy
cisco pix_firewall_software 6.2
cisco secure_content_accelerator 10000
stonesoft stonegate_vpn_client 1.7.2
cisco pix_firewall_software 6.2(2)
neoteris instant_virtual_extranet 3.3
stonesoft stonegate 1.7
freebsd freebsd 5.2
checkpoint vpn-1 next_generation
cisco css11000_content_services_switch *
freebsd freebsd 5.1
novell edirectory 8.5.12a
stonesoft stonegate 2.2
cisco pix_firewall_software 6.0
avaya sg203 4.31.29
checkpoint vpn-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.3.1
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.1
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_3.0
checkpoint firewall-1 *
lite speed_technologies_litespeed_web_server 1.2_rc1
4d webstar 5.3.1
securecomputing sidewinder 5.2.0.01
hp aaa_server *
lite speed_technologies_litespeed_web_server 1.1
redhat openssl 0.9.6b-3
cisco application_and_content_networking_software *
dell bsafe_ssl-j 3.1
cisco ios 12.1(19)e1
hp wbem a.02.00.00
cisco call_manager *
cisco pix_firewall_software 6.2(1)
novell edirectory 8.5
stonesoft stonegate 1.6.2
openssl openssl 0.9.7a
checkpoint vpn-1 next_generation_fp1
stonesoft stonegate_vpn_client 2.0.7
cisco pix_firewall_software 6.1(5)
cisco pix_firewall_software 6.0(3)
avaya vsu 5000_r2.0.1
stonesoft stonegate 2.0.1
redhat enterprise_linux 3.0
freebsd freebsd 4.9
cisco webns 6.10_b4
lite speed_technologies_litespeed_web_server 1.1.1
vmware gsx_server 2.5.1
avaya vsu 5x
cisco ios 12.2za
stonesoft stonegate_vpn_client 1.7
bluecoat cacheos_ca_sa 4.1.12
hp hp-ux 11.00
openssl openssl 0.9.7
avaya vsu 2000_r2.0.1
stonesoft stonegate 2.0.7
cisco pix_firewall_software 6.2(3)
cisco webns 7.10_.0.06s
stonesoft servercluster 2.5.2
avaya vsu 5
cisco ios 12.1(11b)e14
hp apache-based_web_server 2.0.43.04
lite speed_technologies_litespeed_web_server 1.2.1
neoteris instant_virtual_extranet 3.0
securecomputing sidewinder 5.2.0.04
stonesoft servercluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.3(2)
avaya s8300 r2.0.1
stonesoft stonegate 2.2.1
redhat linux 7.2
avaya vsu 500
cisco webns 7.2_0.0.03
securecomputing sidewinder 5.2.1.02
avaya sg5 4.4
lite speed_technologies_litespeed_web_server 1.0.1
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.2_rc2
stonesoft stonegate 1.7.1
avaya intuity_audix s3210
stonesoft stonegate 1.5.18
neoteris instant_virtual_extranet 3.3.1
sgi propack 3.0
cisco okena_stormwatch 3.2
cisco pix_firewall_software 6.3
cisco firewall_services_module 2.1_(0.208)
avaya sg208 4.4
bluecoat cacheos_ca_sa 4.1.10
openssl openssl 0.9.6d
novell edirectory 8.5.27
symantec clientless_vpn_gateway_4400 5.0
openbsd openbsd 3.3
cisco pix_firewall_software 6.2(3.100)
redhat linux 7.3
cisco gss_4490_global_site_selector *
neoteris instant_virtual_extranet 3.2
tarantella tarantella_enterprise 3.40
openbsd openbsd 3.4
cisco ios 12.2(14)sy1
vmware gsx_server 3.0_build_7592
hp hp-ux 11.23
4d webstar 5.2.1
avaya intuity_audix *
hp hp-ux 8.05
cisco css_secure_content_accelerator 1.0
avaya intuity_audix 5.1.46
cisco ios 12.1(11)e
checkpoint provider-1 4.1
securecomputing sidewinder 5.2.0.02
lite speed_technologies_litespeed_web_server 1.3
vmware gsx_server 2.0.1_build_2129
cisco firewall_services_module 1.1_(3.005)
stonesoft stonegate_vpn_client 2.0.9
cisco ios 12.2(14)sy
cisco ciscoworks_common_services 2.2
redhat enterprise_linux_desktop 3.0
openssl openssl 0.9.6f
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco gss_4480_global_site_selector *
avaya s8500 r2.0.0
avaya sg200 4.4
novell edirectory 8.6.2
avaya sg200 4.31.29
cisco pix_firewall 6.2.2_.111
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.3(3.102)
stonesoft stonegate 2.1
avaya sg5 4.2
stonesoft stonegate 2.0.6
cisco pix_firewall_software 6.1(4)
redhat openssl 0.9.6-15
4d webstar 5.2
stonesoft stonegate_vpn_client 2.0
cisco pix_firewall_software 6.0(4)
avaya vsu 100_r2.0.1
4d webstar 5.2.4
checkpoint firewall-1 next_generation_fp2
avaya sg203 4.4
avaya converged_communications_server 2.0
stonesoft stonebeat_fullcluster 2.0
openssl openssl 0.9.6h
lite speed_technologies_litespeed_web_server 1.3_rc2
stonesoft stonegate 2.2.4
sgi propack 2.3
cisco firewall_services_module 1.1.2
4d webstar 5.3
apple mac_os_x 10.3.3
openssl openssl 0.9.6c
stonesoft stonegate 2.0.5
redhat openssl 0.9.7a-2
cisco mds_9000 *
lite speed_technologies_litespeed_web_server 1.0.3
sco openserver 5.0.7
hp apache-based_web_server 2.0.43.00
checkpoint firewall-1 2.0
stonesoft stonegate 1.5.17
openssl openssl 0.9.6i
4d webstar 4.0
avaya s8700 r2.0.1
cisco firewall_services_module *
cisco firewall_services_module 1.1.3
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_2.0
vmware gsx_server 2.5.1_build_5336
sgi propack 2.4
4d webstar 5.2.2
openssl openssl 0.9.6e
stonesoft stonebeat_webcluster 2.0
cisco ios 12.1(11b)e12
cisco access_registrar *
avaya s8700 r2.0.0
lite speed_technologies_litespeed_web_server 1.0.2
securecomputing sidewinder 5.2
avaya sg5 4.3
cisco pix_firewall_software 6.1(3)
cisco content_services_switch_11500 *
stonesoft stonegate 2.0.9
avaya sg208 *
stonesoft stonebeat_webcluster 2.5
redhat linux 8.0
dell bsafe_ssl-j 3.0
hp wbem a.01.05.08
novell edirectory 8.7
checkpoint firewall-1 next_generation_fp1
cisco threat_response *
novell imanager 1.5
avaya s8500 r2.0.1
stonesoft stonebeat_securitycluster 2.5
cisco ciscoworks_common_management_foundation 2.1
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco webns 7.1_0.2.06
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.3(3.109)
cisco pix_firewall_software 6.0(2)
novell imanager 2.0
freebsd freebsd 5.2.1
cisco pix_firewall_software 6.3(1)
dell bsafe_ssl-j 3.0.1
stonesoft stonegate 2.0.8
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_fullcluster 2.5
hp wbem a.02.00.01
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6k
tarantella tarantella_enterprise 3.20
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
avaya vsu 7500_r2.0.1
securecomputing sidewinder 5.2.0.03
openssl openssl 0.9.6g
cisco pix_firewall_software 6.1(2)
forcepoint stonegate 2.0.6
checkpoint firewall-1 next_generation_fp0
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco pix_firewall_software 6.1(1)
cisco pix_firewall_software 6.0(4.101)
sun crypto_accelerator_4000 1.0
vmware gsx_server 2.0
cisco ios 12.1(13)e9
openssl openssl 0.9.7c
novell edirectory 8.7.1
forcepoint stonegate 1.7.1
avaya intuity_audix s3400
cisco webns 6.10
bluecoat proxysg *
neoteris instant_virtual_extranet 3.1
avaya vsu 10000_r2.0.1
novell edirectory 8.0
avaya s8300 r2.0.0
cisco webns 7.10
freebsd freebsd 4.8
sco openserver 5.0.6
tarantella tarantella_enterprise 3.30
cisco ios 12.2sy
cisco pix_firewall_software 6.2
forcepoint stonegate 2.2.4
forcepoint stonegate 1.7.2
cisco secure_content_accelerator 10000
cisco pix_firewall_software 6.2(2)
neoteris instant_virtual_extranet 3.3
freebsd freebsd 5.2
cisco css11000_content_services_switch *
freebsd freebsd 5.1
novell edirectory 8.5.12a
cisco pix_firewall_software 6.0
avaya sg203 4.31.29
checkpoint vpn-1 next_generation_fp0
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.1
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 1_3.0
checkpoint firewall-1 *
4d webstar 5.3.1
forcepoint stonegate 2.0.8
securecomputing sidewinder 5.2.0.01
hp aaa_server *
redhat openssl 0.9.6b-3
cisco application_and_content_networking_software *
dell bsafe_ssl-j 3.1
cisco ios 12.1(19)e1
hp wbem a.02.00.00
cisco call_manager *
cisco pix_firewall_software 6.2(1)
novell edirectory 8.5
openssl openssl 0.9.7a
checkpoint vpn-1 next_generation_fp1
litespeedtech litespeed_web_server 1.0.1
cisco pix_firewall_software 6.1(5)
cisco pix_firewall_software 6.0(3)
avaya vsu 5000_r2.0.1
redhat enterprise_linux 3.0
freebsd freebsd 4.9
cisco webns 6.10_b4
vmware gsx_server 2.5.1
avaya vsu 5x
cisco ios 12.2za
bluecoat cacheos_ca_sa 4.1.12
hp hp-ux 11.00
openssl openssl 0.9.7
avaya vsu 2000_r2.0.1
cisco pix_firewall_software 6.2(3)
cisco webns 7.10_.0.06s
checkpoint vpn-1 next_generation_fp2
stonesoft servercluster 2.5.2
avaya vsu 5
forcepoint stonegate 1.7
cisco ios 12.1(11b)e14
hp apache-based_web_server 2.0.43.04
neoteris instant_virtual_extranet 3.0
securecomputing sidewinder 5.2.0.04
stonesoft servercluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.3(2)
avaya s8300 r2.0.1
redhat linux 7.2
forcepoint stonegate 2.0.7
avaya vsu 500
cisco webns 7.2_0.0.03
securecomputing sidewinder 5.2.1.02
avaya sg5 4.4
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(11b)e
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.3.1
sgi propack 3.0
cisco okena_stormwatch 3.2
cisco pix_firewall_software 6.3
cisco firewall_services_module 2.1_(0.208)
avaya sg208 4.4
bluecoat cacheos_ca_sa 4.1.10
openssl openssl 0.9.6d
novell edirectory 8.5.27
symantec clientless_vpn_gateway_4400 5.0
openbsd openbsd 3.3
cisco pix_firewall_software 6.2(3.100)
redhat linux 7.3
cisco gss_4490_global_site_selector *
forcepoint stonegate 2.0.4
neoteris instant_virtual_extranet 3.2
tarantella tarantella_enterprise 3.40
openbsd openbsd 3.4
cisco ios 12.2(14)sy1
vmware gsx_server 3.0_build_7592
hp hp-ux 11.23
4d webstar 5.2.1
forcepoint stonegate 2.1
avaya intuity_audix *
hp hp-ux 8.05
cisco css_secure_content_accelerator 1.0
avaya intuity_audix 5.1.46
cisco ios 12.1(11)e
checkpoint provider-1 4.1
securecomputing sidewinder 5.2.0.02
vmware gsx_server 2.0.1_build_2129
cisco firewall_services_module 1.1_(3.005)
cisco ios 12.2(14)sy
cisco ciscoworks_common_services 2.2
redhat enterprise_linux_desktop 3.0
openssl openssl 0.9.6f
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco gss_4480_global_site_selector *
avaya s8500 r2.0.0
avaya sg200 4.4
novell edirectory 8.6.2
avaya sg200 4.31.29
cisco pix_firewall 6.2.2_.111
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.3(3.102)
forcepoint stonegate 1.5.18
avaya sg5 4.2
cisco pix_firewall_software 6.1(4)
redhat openssl 0.9.6-15
4d webstar 5.2
cisco pix_firewall_software 6.0(4)
avaya vsu 100_r2.0.1
4d webstar 5.2.4
checkpoint firewall-1 next_generation_fp2
avaya sg203 4.4
avaya converged_communications_server 2.0
stonesoft stonebeat_fullcluster 2.0
openssl openssl 0.9.6h
forcepoint stonegate 1.5.17
sgi propack 2.3
cisco firewall_services_module 1.1.2
forcepoint stonegate 1.6.2
4d webstar 5.3
apple mac_os_x 10.3.3
openssl openssl 0.9.6c
redhat openssl 0.9.7a-2
cisco mds_9000 *
sco openserver 5.0.7
forcepoint stonegate 2.2
hp apache-based_web_server 2.0.43.00
checkpoint firewall-1 2.0
openssl openssl 0.9.6i
4d webstar 4.0
avaya s8700 r2.0.1
cisco firewall_services_module *
cisco firewall_services_module 1.1.3
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_2.0
vmware gsx_server 2.5.1_build_5336
forcepoint stonegate 2.0.1
sgi propack 2.4
4d webstar 5.2.2
openssl openssl 0.9.6e
stonesoft stonebeat_webcluster 2.0
cisco ios 12.1(11b)e12
cisco access_registrar *
avaya s8700 r2.0.0
securecomputing sidewinder 5.2
avaya sg5 4.3
cisco pix_firewall_software 6.1(3)
cisco content_services_switch_11500 *
avaya sg208 *
stonesoft stonebeat_webcluster 2.5
redhat linux 8.0
dell bsafe_ssl-j 3.0
hp wbem a.01.05.08
novell edirectory 8.7
forcepoint stonegate 1.6.3
checkpoint firewall-1 next_generation_fp1
forcepoint stonegate 2.0.5
cisco threat_response *
novell imanager 1.5
avaya s8500 r2.0.1
stonesoft stonebeat_securitycluster 2.5
cisco ciscoworks_common_management_foundation 2.1
cisco webns 7.1_0.2.06
cisco pix_firewall_software 6.3(3.109)
cisco pix_firewall_software 6.0(2)
forcepoint stonegate 2.0.9
novell imanager 2.0
freebsd freebsd 5.2.1
cisco pix_firewall_software 6.3(1)
forcepoint stonegate 2.2.1
dell bsafe_ssl-j 3.0.1
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_fullcluster 2.5
hp wbem a.02.00.01
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6k
tarantella tarantella_enterprise 3.20
CVE-2004-0469 HIGH

Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint vpn-1 vsx_2.0.1
checkpoint firewall-1 2.0
checkpoint firewall-1 2.0.1
checkpoint firewall-1 *
checkpoint ng-ai r54
checkpoint vpn-1 vsx_ng_with_application_intelligence
checkpoint ng-ai r55
checkpoint next_generation *
CVE-2004-0699 HIGH

Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.1
checkpoint vpn-1 *
CVE-2004-2679 HIGH

Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1
checkpoint firewall-1 r55
CVE-2005-0114 LOW

vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint check_point_integrity_client *
zonelabs zonealarm 5.5.062.011
checkpoint check_point_integrity_client 4.5.122.000
zonelabs zonealarm_wireless_security *
CVE-2005-2889 HIGH

Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint connectra_ngx r60
CVE-2005-2932 HIGH

Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
checkpoint zonealarm *
checkpoint zonealarm_security_suite 6.5.737
checkpoint zonealarm_security_suite 5.5.062.004
CVE-2005-3673 HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint vpn-1 ngx_r60
checkpoint vpn-1_firewall-1_next_generation r55w
checkpoint firewall-1 3.0
checkpoint express ci_r57
checkpoint vpn-1_firewall-1_next_generation r55
checkpoint check_point *
checkpoint vpn-1_firewall-1_next_generation r55p
checkpoint vpn-1_firewall-1_next_generation r54
CVE-2005-4093 MEDIUM

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
checkpoint secureclient_ng *
checkpoint vpn-1_secureclient 4.1
checkpoint secureclient_ng r56
checkpoint vpn-1_secureclient 4.0
CVE-2006-0255 HIGH

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint vpn-1 4.1
checkpoint vpn-1 *
CVE-2008-0662 HIGH

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
checkpoint vpn-1_secureclient ngx_r60
checkpoint vpn-1_secureclient ngai_r56
CVE-2009-1227 HIGH

NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
checkpoint firewall-1_pki_web_service -
CVE-2010-5184 MEDIUM

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
checkpoint zonealarm_extreme_security 9.1.507.000
CVE-2011-1827 HIGH

Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint vpn-1_firewall-1_vsx r67
checkpoint vpn-1 r71.30
checkpoint connectra_ngx r66.1n
checkpoint vpn-1 r75
checkpoint vpn-1 r65.70
checkpoint connectra_ngx r66.1
checkpoint vpn-1 r70.40
checkpoint vpn-1_firewall-1_vsx r65.20
CVE-2011-2664 LOW

Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint multi-domain_management/provider-1 ngx_smartcenter
checkpoint multi-domain_management/provider-1 ngx_r65
checkpoint multi-domain_management/provider-1 ngx_r75
checkpoint multi-domain_management/provider-1 ngx_r70
checkpoint multi-domain_management/provider-1 ngx_r71
CVE-2012-2753 MEDIUM

Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint endpoint_security e80.10
checkpoint endpoint_connect r73
checkpoint endpoint_security r73
checkpoint remote_access_clients e75
checkpoint remote_access_clients e75.10
checkpoint endpoint_security e80
checkpoint endpoint_security e80.30
checkpoint endpoint_security_vpn r75
checkpoint endpoint_security e80.20
checkpoint remote_access_clients e75.20
CVE-2013-5635 LOW

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
checkpoint endpoint_security e80.10
checkpoint endpoint_security e80.41
checkpoint endpoint_security e80.40
checkpoint endpoint_security e80
checkpoint endpoint_security e80.30
checkpoint endpoint_security e80.20
checkpoint endpoint_security e80.50
CVE-2013-5636 LOW

Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
checkpoint endpoint_security e80.10
checkpoint endpoint_security e80.41
checkpoint endpoint_security e80.40
checkpoint endpoint_security e80
checkpoint endpoint_security e80.30
checkpoint endpoint_security e80.20
checkpoint endpoint_security e80.50
CVE-2013-7304 MEDIUM

Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
checkpoint endpoint_security_mi_server_r73 *
CVE-2013-7311 MEDIUM

The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkpoint ipso_os 6.2
checkpoint gaia_os r76.0
checkpoint gaia_os r75.0
CVE-2013-7350 HIGH

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint security_gateway r71.00
checkpoint security_gateway r75.20
checkpoint security_gateway r71.45
CVE-2014-1672 MEDIUM

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
checkpoint management_server r75.47
checkpoint security_gateway r75.47
CVE-2014-1673 MEDIUM

Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint session_authentication_agent -
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
f5 traffix_signaling_delivery_controller 3.5.1
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_from_rhui 7.0
ibm workload_deployer *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
f5 big-ip_application_acceleration_manager 11.6.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux 7.0
vmware vcenter_server_appliance 5.1
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux_server 6.0
ibm qradar_vulnerability_manager 7.2.6
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_webaccelerator *
opensuse opensuse 13.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
f5 traffix_signaling_delivery_controller 3.3.2
redhat enterprise_linux_eus 7.6
ibm storwize_v7000_firmware *
ibm qradar_security_information_and_event_manager 7.2.8
novell zenworks_configuration_management 10.3
redhat enterprise_linux_desktop 6.0
vmware esx 4.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux 5.0
citrix netscaler_sdx_firmware *
mageia mageia 3.0
ibm qradar_vulnerability_manager 7.2.1
ibm qradar_security_information_and_event_manager 7.2.7
redhat enterprise_linux_eus 5.9
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_from_rhui 5.0
redhat virtualization 3.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
f5 big-ip_analytics *
f5 enterprise_manager *
ibm pureapplication_system 2.0.0.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
redhat gluster_storage_server_for_on-premise 2.1
f5 big-ip_application_security_manager *
qnap qts 4.1.1
ibm san_volume_controller_firmware *
suse linux_enterprise_software_development_kit 11
suse studio_onsite 1.3
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
novell open_enterprise_server 2.0
ibm qradar_security_information_and_event_manager 7.2.9
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_eus 6.5
mageia mageia 4.0
ibm stn7800_firmware *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
debian debian_linux 7.0
ibm qradar_risk_manager 7.1.0
canonical ubuntu_linux 10.04
vmware esx 4.1
oracle linux 4
ibm storwize_v3700_firmware *
redhat enterprise_linux_server_aus 7.6
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_server_aus 6.5
f5 big-ip_global_traffic_manager *
arista eos *
redhat enterprise_linux_server_from_rhui 6.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
apple mac_os_x *
suse linux_enterprise_software_development_kit 12
ibm qradar_vulnerability_manager 7.2.8
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 6.4
f5 big-ip_edge_gateway *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
redhat enterprise_linux_server_tus 6.5
ibm qradar_vulnerability_manager 7.2.0
redhat enterprise_linux_eus 6.4
f5 traffix_signaling_delivery_controller 4.1.0
opensuse opensuse 13.2
novell zenworks_configuration_management 11.1
redhat enterprise_linux_workstation 6.0
novell open_enterprise_server 11.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
oracle linux 5
f5 traffix_signaling_delivery_controller *
ibm storwize_v3500_firmware *
ibm qradar_security_information_and_event_manager 7.1.1
f5 big-iq_device *
ibm pureapplication_system *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.6
ibm smartcloud_entry_appliance 2.4.0
checkpoint security_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics 11.6.0
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 big-ip_link_controller *
redhat enterprise_linux_server_tus 7.7
f5 big-ip_local_traffic_manager *
qnap qts *
f5 traffix_signaling_delivery_controller 3.4.1
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm smartcloud_entry_appliance 3.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
redhat enterprise_linux 4.0
suse linux_enterprise_server 10
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux_server 5.0
opensuse opensuse 12.3
gnu bash *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm infosphere_guardium_database_activity_monitoring 8.2
vmware vcenter_server_appliance 5.0
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm qradar_vulnerability_manager 7.2.3
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-iq_security *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
ibm smartcloud_entry_appliance 3.1.0
ibm smartcloud_provisioning 2.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
vmware vcenter_server_appliance 5.5
canonical ubuntu_linux 14.04
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_server_aus 5.6
f5 big-iq_cloud *
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
ibm infosphere_guardium_database_activity_monitoring 9.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_protocol_security_module *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_eus 7.4
f5 big-ip_link_controller 11.6.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
ibm qradar_security_information_and_event_manager 7.2.1
redhat enterprise_linux_server_aus 7.3
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_server_tus 7.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux_eus 7.5
ibm qradar_security_information_and_event_manager 7.1.0
ibm storwize_v5000_firmware *
f5 arx_firmware *
redhat enterprise_linux_server_aus 5.9
suse linux_enterprise_server 11
suse linux_enterprise_desktop 12
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm stn6500_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux 6.0
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2.5
redhat enterprise_linux_server_aus 7.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm qradar_security_information_and_event_manager 7.2
f5 big-ip_application_security_manager 11.6.0
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux_eus 7.3
novell zenworks_configuration_management 11
ibm stn6800_firmware *
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
f5 traffix_signaling_delivery_controller 3.5.1
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_from_rhui 7.0
ibm workload_deployer *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
f5 big-ip_application_acceleration_manager 11.6.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux 7.0
vmware vcenter_server_appliance 5.1
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux_server 6.0
ibm qradar_vulnerability_manager 7.2.6
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_webaccelerator *
opensuse opensuse 13.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
f5 traffix_signaling_delivery_controller 3.3.2
redhat enterprise_linux_eus 7.6
ibm storwize_v7000_firmware *
ibm qradar_security_information_and_event_manager 7.2.8
novell zenworks_configuration_management 10.3
redhat enterprise_linux_desktop 6.0
vmware esx 4.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux 5.0
citrix netscaler_sdx_firmware *
mageia mageia 3.0
ibm qradar_vulnerability_manager 7.2.1
ibm qradar_security_information_and_event_manager 7.2.7
redhat enterprise_linux_eus 5.9
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_from_rhui 5.0
redhat virtualization 3.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
f5 big-ip_analytics *
f5 enterprise_manager *
ibm pureapplication_system 2.0.0.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
redhat gluster_storage_server_for_on-premise 2.1
f5 big-ip_application_security_manager *
qnap qts 4.1.1
ibm san_volume_controller_firmware *
suse linux_enterprise_software_development_kit 11
suse studio_onsite 1.3
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
novell open_enterprise_server 2.0
ibm qradar_security_information_and_event_manager 7.2.9
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_eus 6.5
mageia mageia 4.0
ibm stn7800_firmware *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
debian debian_linux 7.0
ibm qradar_risk_manager 7.1.0
canonical ubuntu_linux 10.04
vmware esx 4.1
oracle linux 4
ibm storwize_v3700_firmware *
redhat enterprise_linux_server_aus 7.6
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_server_aus 6.5
f5 big-ip_global_traffic_manager *
arista eos *
redhat enterprise_linux_server_from_rhui 6.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
apple mac_os_x *
suse linux_enterprise_software_development_kit 12
ibm qradar_vulnerability_manager 7.2.8
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 6.4
f5 big-ip_edge_gateway *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
redhat enterprise_linux_server_tus 6.5
ibm qradar_vulnerability_manager 7.2.0
redhat enterprise_linux_eus 6.4
f5 traffix_signaling_delivery_controller 4.1.0
opensuse opensuse 13.2
novell zenworks_configuration_management 11.1
redhat enterprise_linux_workstation 6.0
novell open_enterprise_server 11.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
oracle linux 5
f5 traffix_signaling_delivery_controller *
ibm storwize_v3500_firmware *
ibm qradar_security_information_and_event_manager 7.1.1
f5 big-iq_device *
ibm pureapplication_system *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.6
ibm smartcloud_entry_appliance 2.4.0
checkpoint security_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics 11.6.0
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 big-ip_link_controller *
redhat enterprise_linux_server_tus 7.7
f5 big-ip_local_traffic_manager *
qnap qts *
f5 traffix_signaling_delivery_controller 3.4.1
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm smartcloud_entry_appliance 3.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
redhat enterprise_linux 4.0
suse linux_enterprise_server 10
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux_server 5.0
opensuse opensuse 12.3
gnu bash *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm infosphere_guardium_database_activity_monitoring 8.2
vmware vcenter_server_appliance 5.0
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm qradar_vulnerability_manager 7.2.3
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-iq_security *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
ibm smartcloud_entry_appliance 3.1.0
ibm smartcloud_provisioning 2.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
vmware vcenter_server_appliance 5.5
canonical ubuntu_linux 14.04
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_server_aus 5.6
f5 big-iq_cloud *
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
ibm infosphere_guardium_database_activity_monitoring 9.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_protocol_security_module *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_eus 7.4
f5 big-ip_link_controller 11.6.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
ibm qradar_security_information_and_event_manager 7.2.1
redhat enterprise_linux_server_aus 7.3
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_server_tus 7.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux_eus 7.5
ibm qradar_security_information_and_event_manager 7.1.0
ibm storwize_v5000_firmware *
f5 arx_firmware *
redhat enterprise_linux_server_aus 5.9
suse linux_enterprise_server 11
suse linux_enterprise_desktop 12
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm stn6500_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux 6.0
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2.5
redhat enterprise_linux_server_aus 7.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm qradar_security_information_and_event_manager 7.2
f5 big-ip_application_security_manager 11.6.0
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux_eus 7.3
novell zenworks_configuration_management 11
ibm stn6800_firmware *
CVE-2014-8950 HIGH

Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint security_gateway r77
checkpoint security_gateway r77.10
CVE-2014-8951 HIGH

Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint security_gateway r75
checkpoint security_gateway r76
checkpoint security_gateway r77
checkpoint security_gateway r77.10
CVE-2014-8952 HIGH

Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint security_gateway r75.47
checkpoint security_gateway r76
checkpoint security_gateway r77
checkpoint security_gateway r75.45
checkpoint security_gateway r75.46
checkpoint security_gateway r77.10
checkpoint security_gateway r75.40
CVE-2018-8790 HIGH

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2019-8452 MEDIUM

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-65,CWE-59,

Products Affected

Vendor Product Version
checkpoint zonealarm *
checkpoint endpoint_security *
CVE-2019-8453 LOW

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.

CVSS 2.0

Severity: LOW

Problem Type: CWE-114,CWE-426,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2019-8454 MEDIUM

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-65,CWE-59,

Products Affected

Vendor Product Version
checkpoint endpoint_security *
CVE-2019-8455 LOW

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-65,CWE-59,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2019-8456 MEDIUM

Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint ipsec_vpn r80.20
checkpoint ipsec_vpn r80.10
CVE-2019-8458 LOW

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-114,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint endpoint_security_clients *
checkpoint capsule_docs *
checkpoint remote_access_clients *
CVE-2019-8459 HIGH

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
checkpoint endpoint_security_clients *
checkpoint capsule_docs_standalone_client *
checkpoint smartconsole_for_endpoint_security_server e80.83
checkpoint jumbo_hotfix_for_endpoint_security_server *
checkpoint smartconsole_for_endpoint_security_server *
checkpoint remote_access_clients *
checkpoint endpoint_security_server_package *
CVE-2019-8461 MEDIUM

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-114,CWE-426,

Products Affected

Vendor Product Version
checkpoint capsule_docs_standalone_client *
checkpoint endpoint_security *
checkpoint remote_access_clients *
CVE-2019-8462 MEDIUM

In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
checkpoint security_gateway r80.30
CVE-2019-8463 MEDIUM

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
checkpoint endpoint_security_clients *
CVE-2020-6012 MEDIUM

ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
checkpoint zonealarm_anti-ransomware *
CVE-2020-6013 MEDIUM

ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-65,CWE-269,

Products Affected

Vendor Product Version
checkpoint zonealarm_extreme_security *
CVE-2020-6014 MEDIUM

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-114,CWE-426,

Products Affected

Vendor Product Version
checkpoint endpoint_security *
CVE-2020-6015 LOW

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint endpoint_security e84.10
CVE-2020-6020 HIGH

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
checkpoint ica_management_portal r80.30
checkpoint ica_management_portal *
checkpoint ica_management_portal r80.20
checkpoint ica_management_portal r80.40
checkpoint ica_management_portal r80.10
CVE-2020-6021 MEDIUM

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
checkpoint endpoint_security *
CVE-2020-6022 LOW

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-275,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2020-6023 MEDIUM

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2020-6024 MEDIUM

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-114,CWE-269,

Products Affected

Vendor Product Version
checkpoint smartconsole r80.30
checkpoint smartconsole *
checkpoint smartconsole r80.20
checkpoint smartconsole r81
checkpoint smartconsole r80.40
CVE-2021-30356 MEDIUM

A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint identity_agent *
CVE-2021-30357 MEDIUM

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,CWE-209,

Products Affected

Vendor Product Version
checkpoint ssl_network_extender r80.30
checkpoint ssl_network_extender r80.20
checkpoint ssl_network_extender r80.40
checkpoint ssl_network_extender r81
checkpoint ssl_network_extender r80.10
CVE-2021-30358 MEDIUM

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
checkpoint mobile_access_portal_agent r80.40
checkpoint mobile_access_portal_agent r81
checkpoint mobile_access_portal_agent r80.20
checkpoint mobile_access_portal_agent r80.30
checkpoint mobile_access_portal_agent r81.10
CVE-2021-30359 HIGH

The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
checkpoint sandblast_agent_for_browsers *
checkpoint harmony_browse *
CVE-2021-30360 HIGH

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
checkpoint endpoint_security *
CVE-2021-30361 MEDIUM

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
checkpoint gaia_os -
checkpoint gaia_portal *
CVE-2021-3449 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1212fc_firmware *
oracle mysql_connectors *
siemens simatic_pdm_firmware *
siemens sinema_server 14.0
siemens simatic_net_cp_1243-1_firmware *
netapp oncommand_workflow_automation -
siemens scalance_s615_firmware *
oracle enterprise_manager_for_storage_management 13.4.0.0
siemens simatic_rf185c_firmware *
siemens simatic_net_cp_1542sp-1_irc_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_process_historian_opc_ua_server_firmware *
oracle graalvm 19.3.5
siemens scalance_xr528-6m_firmware *
siemens simatic_wincc_telecontrol -
netapp santricity_smi-s_provider -
mcafee web_gateway 8.2.19
siemens scalance_w700_firmware *
siemens scalance_xb-200_firmware *
checkpoint quantum_security_gateway_firmware r80.40
mcafee web_gateway 9.2.10
tenable tenable.sc *
siemens simatic_cp_1242-7_gprs_v2_firmware *
sonicwall sonicos 7.0.1.0
siemens simatic_logon *
siemens simatic_rf188ci_firmware *
netapp storagegrid -
siemens scalance_xr524-8c_firmware *
tenable log_correlation_engine *
siemens scalance_xr-300wg_firmware *
siemens scalance_xr552-12_firmware *
siemens simatic_cloud_connect_7_firmware -
checkpoint quantum_security_management_firmware r81
siemens sinec_infrastructure_network_services *
siemens sinumerik_opc_ua_server *
tenable nessus_network_monitor 5.11.0
netapp active_iq_unified_manager -
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
oracle jd_edwards_enterpriseone_tools *
nodejs node.js *
siemens simatic_net_cp1243-7_lte_eu_firmware *
siemens simatic_mv500_firmware *
siemens ruggedcom_rcm1224_firmware *
siemens tia_administrator *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_wincc_runtime_advanced *
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens scalance_xf-200ba_firmware *
siemens simatic_pcs_neo_firmware *
checkpoint quantum_security_management_firmware r80.40
siemens tim_1531_irc_firmware *
siemens simatic_net_cp_1545-1_firmware *
siemens sinec_pni -
netapp snapcenter -
oracle primavera_unifier 19.12
tenable nessus *
tenable nessus_network_monitor 5.12.0
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
siemens simatic_net_cp_1243-8_irc_firmware *
siemens scalance_s602_firmware *
oracle zfs_storage_appliance_kit 8.8
siemens scalance_xc-200_firmware *
siemens sinamics_connect_300_firmware *
mcafee web_gateway_cloud_service 9.2.10
siemens simatic_rf186ci_firmware *
oracle mysql_server *
siemens scalance_m-800_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens scalance_s627-2m_firmware *
netapp oncommand_insight -
oracle peoplesoft_enterprise_peopletools 8.57
debian debian_linux 9.0
sonicwall sma100_firmware *
oracle essbase 21.2
freebsd freebsd 12.2
siemens scalance_lpe9403_firmware *
mcafee web_gateway_cloud_service 8.2.19
siemens simatic_rf166c_firmware *
siemens simatic_rf360r_firmware *
checkpoint quantum_security_gateway_firmware r81
mcafee web_gateway_cloud_service 10.1.1
openssl openssl *
tenable nessus_network_monitor 5.13.0
oracle graalvm 21.0.0.2
siemens sinec_nms 1.0
siemens scalance_s612_firmware *
siemens scalance_sc-600_firmware *
oracle mysql_workbench *
siemens simatic_rf186c_firmware *
checkpoint multi-domain_management_firmware r80.40
siemens simatic_s7-1200_cpu_1214_fc_firmware *
sonicwall capture_client 3.5
tenable nessus_network_monitor 5.12.1
siemens simatic_net_cp_1543-1_firmware *
oracle graalvm 20.3.1.2
siemens simatic_s7-1200_cpu_1211c_firmware *
debian debian_linux 10.0
siemens scalance_s623_firmware *
siemens simatic_cloud_connect_7_firmware *
siemens simatic_net_cp1243-7_lte_us_firmware *
siemens simatic_pcs_7_telecontrol_firmware *
netapp ontap_select_deploy_administration_utility -
oracle peoplesoft_enterprise_peopletools 8.59
netapp cloud_volumes_ontap_mediator -
siemens scalance_xm-400_firmware *
oracle secure_backup *
siemens simatic_hmi_ktp_mobile_panels_firmware *
fedoraproject fedora 34
siemens scalance_w1700_firmware *
siemens scalance_xp-200_firmware *
oracle secure_global_desktop 5.6
oracle jd_edwards_world_security a9.4
oracle communications_communications_policy_management 12.6.0.0.0
oracle primavera_unifier 20.12
siemens simatic_s7-1200_cpu_1217c_firmware *
oracle primavera_unifier 21.12
checkpoint multi-domain_management_firmware r81
siemens simatic_rf188c_firmware *
oracle primavera_unifier *
netapp e-series_performance_analyzer -
siemens scalance_xr526-8c_firmware *
tenable nessus_network_monitor 5.11.1
mcafee web_gateway 10.1.1
siemens simatic_logon 1.5
oracle peoplesoft_enterprise_peopletools 8.58
siemens simatic_net_cp_1543sp-1_firmware *
CVE-2022-23742 MEDIUM

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-65,CWE-59,

Products Affected

Vendor Product Version
checkpoint endpoint_security *
CVE-2022-23743 HIGH

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,CWE-732,

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2022-23744 LOW

Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-470,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
checkpoint endpoint_security e85
checkpoint endpoint_security e86.30
checkpoint harmony_endpoint e86.10
checkpoint endpoint_security e83
checkpoint harmony_endpoint e83
checkpoint harmony_endpoint e85
checkpoint endpoint_security e86.40
checkpoint harmony_endpoint e84
checkpoint harmony_endpoint e86.30
checkpoint harmony_endpoint e86.20
checkpoint harmony_endpoint e86.40
checkpoint endpoint_security e86.20
checkpoint endpoint_security e86.10
checkpoint endpoint_security e84
CVE-2022-23745

A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
checkpoint capsule_workspace *
CVE-2022-23746

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Products Affected

Vendor Product Version
checkpoint ssl_network_extender r80.30
checkpoint ssl_network_extender r80.20
checkpoint ssl_network_extender r80.40
checkpoint ssl_network_extender r81.10
checkpoint ssl_network_extender r80.20sp
checkpoint ssl_network_extender r80.30sp
checkpoint ssl_network_extender r81
CVE-2022-41604

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
checkpoint zonealarm *
CVE-2023-28130

Local user may lead to privilege escalation using Gaia Portal hostnames page.

Products Affected

Vendor Product Version
checkpoint gaia_portal r81.10
checkpoint gaia_portal r81.20
checkpoint gaia_portal r80.40
checkpoint gaia_portal r81
CVE-2023-28133

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file

Products Affected

Vendor Product Version
checkpoint endpoint_security e87.30
CVE-2023-28134

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
checkpoint endpoint_security e85
checkpoint endpoint_security e86
checkpoint endpoint_security e84
CVE-2024-24910

A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.

Products Affected

Vendor Product Version
checkpoint zonealarm_extreme_security *
checkpoint identity_agent *
checkpoint zonealarm_extreme_security_nextgen *
CVE-2024-24911

In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
checkpoint gaia_os r81.20
checkpoint gaia_os r82
checkpoint gaia_os r81
checkpoint gaia_os r81.10
CVE-2024-24912

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.

Products Affected

Vendor Product Version
checkpoint harmony_endpoint *
CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
checkpoint gaia_os r81.20
checkpoint gaia_os r81
checkpoint gaia_os r81.10
CVE-2024-24915

Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.2 5.9

Products Affected

Vendor Product Version
checkpoint smartconsole r82
checkpoint smartconsole r81.10
checkpoint smartconsole r81.20
CVE-2024-24916

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
checkpoint smartconsole r81.10
checkpoint smartconsole r81.20
CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
checkpoint cloudguard_network_security r81
checkpoint quantum_spark_firmware r81
checkpoint quantum_security_gateway_firmware r81.0
checkpoint quantum_security_gateway_firmware r81
checkpoint cloudguard_network_security r81.0
checkpoint quantum_spark_firmware r80.20
checkpoint quantum_security_gateway_firmware r81.20
checkpoint cloudguard_network_security r81.20
checkpoint cloudguard_network_security r80.40
checkpoint quantum_security_gateway_firmware r81.10
checkpoint quantum_spark_firmware r81.10
checkpoint quantum_spark_firmware r80.40
checkpoint quantum_security_gateway_firmware r80.40
checkpoint cloudguard_network_security r81.10
CVE-2024-52885

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
checkpoint mobile_access -
checkpoint remote_access_vpn -
CVE-2024-52887

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

Products Affected

Vendor Product Version
checkpoint mobile_access -
checkpoint remote_access_vpn -
CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@checkpoint.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
checkpoint mobile_access -
checkpoint remote_access_vpn -
CVE-2024-6233

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.

Products Affected

Vendor Product Version
checkpoint zonealarm_extreme_security 4.0.148.0
checkpoint zonealarm_extreme_security_nextgen 4.0.148
CVE-2025-2028

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
cve@checkpoint.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L 2.2 4.2

Products Affected

Vendor Product Version
checkpoint log_server r81.20
checkpoint log_server r82
checkpoint log_server r81.10
CVE-2025-3831

Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@checkpoint.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
checkpoint harmony_sase -