Notified:  February 05, 2004 Updated: February 09, 2004

Status

Affected

Vendor Statement

The reported issue does not exist in recent versions of VPN-1/FireWall-1 Next Generation (NG) FP2 and later, including all versions of Next Generation Application Intelligence (NG AI). Nor does this issue exist in VPN-1/FireWall-1 4.1 SP6. The issue was also fixed in the same versions of our VPN client products, SecureClient and SecuRemote. This issue was fixed during 2002 for all our product lines. There is a very small number of customers that are still using versions prior to 4.1 SP6 and NG prior to FP2; The number of them that use VPN is significantly smaller, hence the vulnerability applies to a very small number of existing deployments.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.