Overview
Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259.
Description
Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device. |
Impact
An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259. |
Solution
Apply patch from vendor. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A |
References
Credit
The vulnerability was discovered by Jochen Bauer <jtb@inside-security.de> and Boris Wesslowski <bw@inside-security.de> of Inside Security GmbH Stuttgart, Germany.
This document was written by Ian A. Finlay.
Other Information
| CVE IDs: | CVE-2001-1158 |
| CERT Advisory: | CA-2001-17 |
| Severity Metric: | 51.30 |
| Date Public: | 2001-07-09 |
| Date First Published: | 2001-07-09 |
| Date Last Updated: | 2003-04-09 19:26 UTC |
| Document Revision: | 57 |