Vulnerability Note VU#310295
Check Point RDP Bypass Vulnerability
Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device.
An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259.
Apply patch from vendor.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point||Affected||11 Jun 2001||09 Jul 2001|
CVSS Metrics (Learn More)
The vulnerability was discovered by Jochen Bauer <firstname.lastname@example.org> and Boris Wesslowski <email@example.com> of Inside Security GmbH Stuttgart, Germany.
This document was written by Ian A. Finlay.
- CVE IDs: CVE-2001-1158
- CERT Advisory: CA-2001-17
- Date Public: 09 Jul 2001
- Date First Published: 09 Jul 2001
- Date Last Updated: 09 Apr 2003
- Severity Metric: 51.30
- Document Revision: 57
If you have feedback, comments, or additional information about this vulnerability, please send us email.