Vulnerability Note VU#992585
Check Point VPN-1 information disclosure vulnerability
The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access.
The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual private networks (VPN).
From Check Point Solution ID sk34579
Remote Access Client (C) connects to a gateway (A). A site-to-site VPN tunnel exists between gateways (A) and (B). If the Remote Access Client (C) has an IP address which is also defined in the encryption domain of gateway (B), collisions occur: new connections meant for the afore-mentioned IP address in the encryption domain of gateway (B) would be incorrectly transferred to the Remote Access Client (C). Existing connections are not affected.
A remote, authenticated attacker may be able to intercept data that they are not authorized to access.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point Software Technologies||Affected||-||18 Mar 2008|
CVSS Metrics (Learn More)
Thanks to Robert Mitchell of Pursecurity and Check Point for information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 18 Mar 2008
- Date First Published: 18 Mar 2008
- Date Last Updated: 18 Mar 2008
- Severity Metric: 2.36
- Document Revision: 30