cvelistv5 - cve-2007-0471

CVE-2007-0471 (GCVE-0-2007-0471)

Vulnerability from cvelistv5 – Published: 2007-01-24 01:00 – Updated: 2024-08-07 12:19

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1017559	vdb-entryx_refsource_SECTRACK
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/457683/100…	mailing-listx_refsource_BUGTRAQ
	http://www.checkpoint.com/downloads/latest/hfa/co…	x_refsource_CONFIRM
	http://www.checkpoint.com/downloads/latest/hfa/vp…	x_refsource_MISC
	http://securityreason.com/securityalert/2179	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/23847	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/457621/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secureknowledge.checkpoint.com/SecureKnowl…	x_refsource_MISC
	http://osvdb.org/31655	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1017560	vdb-entryx_refsource_SECTRACK
	http://updates.checkpoint.com/fileserver/ID/7126/…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/0276	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017559",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017559"
          },
          {
            "name": "20070122 Check Point Connectra End Point security bypass",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
          },
          {
            "name": "20070122 Check Point Connectra End Point security bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
          },
          {
            "name": "2179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2179"
          },
          {
            "name": "23847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23847"
          },
          {
            "name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
          },
          {
            "name": "checkpoint-params-security-bypass(31646)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
          },
          {
            "name": "31655",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31655"
          },
          {
            "name": "1017560",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017560"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
          },
          {
            "name": "ADV-2007-0276",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0276"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017559",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017559"
        },
        {
          "name": "20070122 Check Point Connectra End Point security bypass",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
        },
        {
          "name": "20070122 Check Point Connectra End Point security bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
        },
        {
          "name": "2179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2179"
        },
        {
          "name": "23847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23847"
        },
        {
          "name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
        },
        {
          "name": "checkpoint-params-security-bypass(31646)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
        },
        {
          "name": "31655",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31655"
        },
        {
          "name": "1017560",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017560"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
        },
        {
          "name": "ADV-2007-0276",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0276"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017559",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017559"
            },
            {
              "name": "20070122 Check Point Connectra End Point security bypass",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
            },
            {
              "name": "20070122 Check Point Connectra End Point security bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
            },
            {
              "name": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html",
              "refsource": "CONFIRM",
              "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
            },
            {
              "name": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html",
              "refsource": "MISC",
              "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
            },
            {
              "name": "2179",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2179"
            },
            {
              "name": "23847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23847"
            },
            {
              "name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
            },
            {
              "name": "checkpoint-params-security-bypass(31646)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
            },
            {
              "name": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472",
              "refsource": "MISC",
              "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
            },
            {
              "name": "31655",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31655"
            },
            {
              "name": "1017560",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017560"
            },
            {
              "name": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf",
              "refsource": "MISC",
              "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
            },
            {
              "name": "ADV-2007-0276",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0276"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0471",
    "datePublished": "2007-01-24T01:00:00",
    "dateReserved": "2007-01-23T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r62\", \"matchCriteriaId\": \"A8BC4A4B-B251-4D50-854C-C07E88EAC665\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.\"}, {\"lang\": \"es\", \"value\": \"El archivo sre/params.php en el componente Integrity Clientless Security (ICS) en Check Point Connectra NGX R62 versi\\u00f3n 3.x y anteriores a Security Hotfix versi\\u00f3n 5, y posiblemente VPN-1 NGX R62, permite a los atacantes remotos omitir los requisitos de seguridad por medio de un par\\u00e1metro Report creado, que devuelve un token de autenticaci\\u00f3n ICSCookie v\\u00e1lido.\"}]",
      "id": "CVE-2007-0471",
      "lastModified": "2024-11-21T00:25:56.917",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-01-24T01:28:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/31655\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23847\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/2179\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017559\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017560\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457621/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457683/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0276\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31646\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/31655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/2179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017559\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017560\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457621/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457683/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31646\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0471\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-24T01:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.\"},{\"lang\":\"es\",\"value\":\"El archivo sre/params.php en el componente Integrity Clientless Security (ICS) en Check Point Connectra NGX R62 versi\u00f3n 3.x y anteriores a Security Hotfix versi\u00f3n 5, y posiblemente VPN-1 NGX R62, permite a los atacantes remotos omitir los requisitos de seguridad por medio de un par\u00e1metro Report creado, que devuelve un token de autenticaci\u00f3n ICSCookie v\u00e1lido.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r62\",\"matchCriteriaId\":\"A8BC4A4B-B251-4D50-854C-C07E88EAC665\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/31655\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23847\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2179\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017559\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017560\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/457621/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/457683/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0276\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31646\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/31655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457621/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457683/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-043

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans Check Point Connectra, une solution de passerelle permettant de déployer et contrôler les accès SSL VPN. Des fichiers de session ne seraient pas correctement vérifiés. Une personne malveillante pourrait donc exploiter cette vulnérabilité pour contourner la politique de sécurité et connecter une machine compromise au réseau, sans que celle-ci subisse de tests préalables. Ces tests font cependant partie de la solution Check Point, nommée Comprehensive endpoint security.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Check Point	N/A	Check Point Connectra R62 ainsi que des versions antérieures.

References

Title

Publication Time

Tags

Mise à jour Check Point du 22 janvier 2007	None	vendor-advisory
Mise à jour de sécurité Check Point du 22 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Check Point Connectra R62 ainsi que des versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Check Point Connectra, une\nsolution de passerelle permettant de d\u00e9ployer et contr\u00f4ler les acc\u00e8s SSL\nVPN. Des fichiers de session ne seraient pas correctement v\u00e9rifi\u00e9s. Une\npersonne malveillante pourrait donc exploiter cette vuln\u00e9rabilit\u00e9 pour\ncontourner la politique de s\u00e9curit\u00e9 et connecter une machine compromise\nau r\u00e9seau, sans que celle-ci subisse de tests pr\u00e9alables. Ces tests font\ncependant partie de la solution Check Point, nomm\u00e9e Comprehensive\nendpoint security.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0471"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Check Point du 22 janvier 2007 :",
      "url": "http://www.checkpoint.com/downloads/"
    }
  ],
  "reference": "CERTA-2007-AVI-043",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Check Point Connectra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour Check Point du 22 janvier 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-043

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Check Point	N/A	Check Point Connectra R62 ainsi que des versions antérieures.

References

Title

Publication Time

Tags

Mise à jour Check Point du 22 janvier 2007	None	vendor-advisory
Mise à jour de sécurité Check Point du 22 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Check Point Connectra R62 ainsi que des versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Check Point Connectra, une\nsolution de passerelle permettant de d\u00e9ployer et contr\u00f4ler les acc\u00e8s SSL\nVPN. Des fichiers de session ne seraient pas correctement v\u00e9rifi\u00e9s. Une\npersonne malveillante pourrait donc exploiter cette vuln\u00e9rabilit\u00e9 pour\ncontourner la politique de s\u00e9curit\u00e9 et connecter une machine compromise\nau r\u00e9seau, sans que celle-ci subisse de tests pr\u00e9alables. Ces tests font\ncependant partie de la solution Check Point, nomm\u00e9e Comprehensive\nendpoint security.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0471"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Check Point du 22 janvier 2007 :",
      "url": "http://www.checkpoint.com/downloads/"
    }
  ],
  "reference": "CERTA-2007-AVI-043",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Check Point Connectra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour Check Point du 22 janvier 2007",
      "url": null
    }
  ]
}

GHSA-QVRR-43X4-6H4W

Vulnerability from github – Published: 2022-05-01 17:44 – Updated: 2022-05-01 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0471"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-24T01:28:00Z",
    "severity": "HIGH"
  },
  "details": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.",
  "id": "GHSA-qvrr-43x4-6h4w",
  "modified": "2022-05-01T17:44:35Z",
  "published": "2022-05-01T17:44:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0471"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/31655"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23847"
    },
    {
      "type": "WEB",
      "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2179"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017559"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017560"
    },
    {
      "type": "WEB",
      "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
    },
    {
      "type": "WEB",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0276"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-0471

Vulnerability from fkie_nvd - Published: 2007-01-24 01:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html	Exploit, Vendor Advisory
cve@mitre.org	http://osvdb.org/31655
cve@mitre.org	http://secunia.com/advisories/23847	Vendor Advisory
cve@mitre.org	http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472
cve@mitre.org	http://securityreason.com/securityalert/2179
cve@mitre.org	http://securitytracker.com/id?1017559
cve@mitre.org	http://securitytracker.com/id?1017560
cve@mitre.org	http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf
cve@mitre.org	http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html
cve@mitre.org	http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html
cve@mitre.org	http://www.securityfocus.com/archive/1/457621/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/457683/100/0/threaded
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0276	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31646
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/31655
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23847	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2179
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017559
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017560
af854a3a-2127-422b-91ae-364da2661108	http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html
af854a3a-2127-422b-91ae-364da2661108	http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457621/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0276	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31646

Impacted products

	Vendor	Product	Version
	checkpoint	connectra_ngx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BC4A4B-B251-4D50-854C-C07E88EAC665",
              "versionEndIncluding": "r62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."
    },
    {
      "lang": "es",
      "value": "El archivo sre/params.php en el componente Integrity Clientless Security (ICS) en Check Point Connectra NGX R62 versi\u00f3n 3.x y anteriores a Security Hotfix versi\u00f3n 5, y posiblemente VPN-1 NGX R62, permite a los atacantes remotos omitir los requisitos de seguridad por medio de un par\u00e1metro Report creado, que devuelve un token de autenticaci\u00f3n ICSCookie v\u00e1lido."
    }
  ],
  "id": "CVE-2007-0471",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-24T01:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/31655"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23847"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017559"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0276"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200701-0404

Vulnerability from variot - Updated: 2023-12-18 13:40

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. Multiple Check Point products are prone to a security-bypass vulnerability. An attacker can exploit this issue to access cookie data and then use it to bypass certain security restrictions. This issue may potentially allow an attacker to gain unauthorized access to the affected application. Check Point Connectra is a web security gateway that provides SSL VPN access and integrates endpoint security and application security within a unified solution. There are loopholes in Connectra's processing of endpoint access authentication. One of the main functions of Connectra is the comprehensive endpoint security service. Specifically, before the client connects to the internal network, it will perform a test on the client to check whether the computer has a security risk. If a risk is detected, it will prompt the user for details of the risk. information, and the user will be asked to test again before logging on to the network. After the user submits the request, the server will send Set-Cookie to the client.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.

Try it out online: http://secunia.com/software_inspector/

TITLE: Check Point Products ICS Security Bypass

SECUNIA ADVISORY ID: SA23847

VERIFY ADVISORY: http://secunia.com/advisories/23847/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From remote

OPERATING SYSTEM: Check Point Connectra Appliances http://secunia.com/product/13352/

SOFTWARE:

http://secunia.com/product// Check Point VPN-1 Power NGX http://secunia.com/product/13348/

http://secunia.com/product// Check Point VPN-1 UTM NG AI http://secunia.com/product/13350/ Check Point VPN-1 Power NG AI http://secunia.com/product/13351/ Check Point VPN-1 UTM NGX http://secunia.com/product/13346/

DESCRIPTION: Roni Bachar and Nir Goldshlager have reported a vulnerability in Check Point products, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that /sre/params.php in ICS (Integrity Clientless Security) does not properly validate the data being sent to it. This can be exploited to receive a cookie, which can be used to bypass certain checks before being allowed to log in to the network, by sending a POST request with a valid report to the /sre/params.php page.

Successful exploitation requires that the ICS feature is enabled.

The vulnerability affects the following products and versions: * Connectra NGX R62 * Connectra NGX R61 * Connectra NGX R60 * Connectra 2.0 * VPN-1 Power/UTM (Pro/Express) NGX R62 * VPN-1 Power/UTM (Pro/Express) NGX R61 * VPN-1 Power/UTM (Pro/Express) NGX R60 * VPN-1 Power/UTM (Pro/Express) NG AI R55W * VPN-1 Power/UTM (Pro/Express) NG AI R55

SOLUTION: Apply hotfix.

Connectra: http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html

VPN-1: http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html

PROVIDED AND/OR DISCOVERED BY: Roni Bachar and Nir Goldshlager, Avnet

ORIGINAL ADVISORY: Check Point: https://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472

Full-Disclosure: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0404",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "connectra ngx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r62"
      },
      {
        "model": "connectra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "2.0"
      },
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r60"
      },
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r61"
      },
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r62"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ng ai r55"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ng ai r55w"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r60"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r61"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r62"
      },
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "checkpoint",
        "version": "r62"
      },
      {
        "model": "point software vpn-1 power/utm pro ngx r62",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm pro ngx r61",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm pro ngx r60",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm pro ng ai r55w",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm pro ng ai r55",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm express ngx r62",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm express ngx r60",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm express ng ai r55w",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 power/utm express ng ai r55",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra ngx r62",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra ngx r61",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra ngx r60",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "2.0"
      },
      {
        "model": "point vpn-1 power/utm express ngx r61",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r62",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roni Bachar roni@ avnet.co.il\u003e)Nir Goldshlager",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0471",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-0471",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-23833",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0471",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-406",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23833",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. Multiple Check Point products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to access cookie data and then use it to bypass certain security restrictions. This issue may potentially allow an attacker to gain unauthorized access to the affected application. Check Point Connectra is a web security gateway that provides SSL VPN access and integrates endpoint security and application security within a unified solution. There are loopholes in Connectra\u0027s processing of endpoint access authentication. One of the main functions of Connectra is the comprehensive endpoint security service. Specifically, before the client connects to the internal network, it will perform a test on the client to check whether the computer has a security risk. If a risk is detected, it will prompt the user for details of the risk. information, and the user will be asked to test again before logging on to the network. After the user submits the request, the server will send Set-Cookie to the client. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point Products ICS Security Bypass\n\nSECUNIA ADVISORY ID:\nSA23847\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23847/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCheck Point Connectra Appliances\nhttp://secunia.com/product/13352/\n\nSOFTWARE:\n\nhttp://secunia.com/product//\nCheck Point VPN-1 Power NGX\nhttp://secunia.com/product/13348/\n\nhttp://secunia.com/product//\nCheck Point VPN-1 UTM NG AI\nhttp://secunia.com/product/13350/\nCheck Point VPN-1 Power NG AI\nhttp://secunia.com/product/13351/\nCheck Point VPN-1 UTM NGX\nhttp://secunia.com/product/13346/\n\nDESCRIPTION:\nRoni Bachar and Nir Goldshlager have reported a vulnerability in\nCheck Point products, which can be exploited by malicious people to\nbypass certain security restrictions. \n\nThe problem is that /sre/params.php in ICS (Integrity Clientless\nSecurity) does not properly validate the data being sent to it. This\ncan be exploited to receive a cookie, which can be used to bypass\ncertain checks before being allowed to log in to the network, by\nsending a POST request with a valid report to the /sre/params.php\npage. \n\nSuccessful exploitation requires that the ICS feature is enabled. \n\nThe vulnerability affects the following products and versions:\n* Connectra NGX R62\n* Connectra NGX R61\n* Connectra NGX R60\n* Connectra 2.0\n* VPN-1 Power/UTM (Pro/Express) NGX R62\n* VPN-1 Power/UTM (Pro/Express) NGX R61\n* VPN-1 Power/UTM (Pro/Express) NGX R60\n* VPN-1 Power/UTM (Pro/Express) NG AI R55W\n* VPN-1 Power/UTM (Pro/Express) NG AI R55\n\nSOLUTION:\nApply hotfix. \n\nConnectra:\nhttp://www.checkpoint.com/downloads/latest/hfa/connectra/index.html\n\nVPN-1:\nhttp://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html\n\nPROVIDED AND/OR DISCOVERED BY:\nRoni Bachar and Nir Goldshlager, Avnet\n\nORIGINAL ADVISORY:\nCheck Point:\nhttps://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\n\nFull-Disclosure:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "BID",
        "id": "22233"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "PACKETSTORM",
        "id": "53956"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0471",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "23847",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "31655",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1017559",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1017560",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0276",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "2179",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20070122 CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070122 CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070122 RE: [FULL-DISCLOSURE] CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "31646",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "22233",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-23833",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53956",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "BID",
        "id": "22233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "PACKETSTORM",
        "id": "53956"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "id": "VAR-200701-0404",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:40:40.118000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "sk32472",
        "trust": 0.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk32472"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://osvdb.org/31655"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1017559"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1017560"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/23847"
      },
      {
        "trust": 2.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051920.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
      },
      {
        "trust": 1.7,
        "url": "http://updates.checkpoint.com/fileserver/id/7126/file/vpn-1_hotfix1.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_r62_windows.html"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/2179"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0276"
      },
      {
        "trust": 1.2,
        "url": "http://secureknowledge.checkpoint.com/secureknowledge/viewsolutiondocument.do?lid=sk32472"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0276"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0471"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0471"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/31646"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/457683/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/457621/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13350/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product//"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23847/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13346/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13351/"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13352/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13348/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "BID",
        "id": "22233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "PACKETSTORM",
        "id": "53956"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "db": "BID",
        "id": "22233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "db": "PACKETSTORM",
        "id": "53956"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "22233"
      },
      {
        "date": "2009-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "date": "2007-01-27T01:46:45",
        "db": "PACKETSTORM",
        "id": "53956"
      },
      {
        "date": "2007-01-24T01:28:00",
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "date": "2007-01-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23833"
      },
      {
        "date": "2015-03-19T08:36:00",
        "db": "BID",
        "id": "22233"
      },
      {
        "date": "2009-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      },
      {
        "date": "2018-10-16T16:32:56.277000",
        "db": "NVD",
        "id": "CVE-2007-0471"
      },
      {
        "date": "2007-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Connectra NGX Vulnerabilities that bypass security requirements",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001192"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-406"
      }
    ],
    "trust": 0.6
  }
}

GSD-2007-0471

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0471

Aliases

CVE-2007-0471

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0471",
    "description": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.",
    "id": "GSD-2007-0471"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0471"
      ],
      "details": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.",
      "id": "GSD-2007-0471",
      "modified": "2023-12-13T01:21:35.347205Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0471",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017559",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017559"
          },
          {
            "name": "20070122 Check Point Connectra End Point security bypass",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
          },
          {
            "name": "20070122 Check Point Connectra End Point security bypass",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
          },
          {
            "name": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html",
            "refsource": "CONFIRM",
            "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
          },
          {
            "name": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html",
            "refsource": "MISC",
            "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
          },
          {
            "name": "2179",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2179"
          },
          {
            "name": "23847",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23847"
          },
          {
            "name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
          },
          {
            "name": "checkpoint-params-security-bypass(31646)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
          },
          {
            "name": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472",
            "refsource": "MISC",
            "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
          },
          {
            "name": "31655",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/31655"
          },
          {
            "name": "1017560",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017560"
          },
          {
            "name": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf",
            "refsource": "MISC",
            "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
          },
          {
            "name": "ADV-2007-0276",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0276"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r62",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0471"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070122 Check Point Connectra End Point security bypass",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"
            },
            {
              "name": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472",
              "refsource": "MISC",
              "tags": [],
              "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"
            },
            {
              "name": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"
            },
            {
              "name": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"
            },
            {
              "name": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
            },
            {
              "name": "1017559",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017559"
            },
            {
              "name": "23847",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23847"
            },
            {
              "name": "1017560",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017560"
            },
            {
              "name": "2179",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2179"
            },
            {
              "name": "31655",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/31655"
            },
            {
              "name": "ADV-2007-0276",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0276"
            },
            {
              "name": "checkpoint-params-security-bypass(31646)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
            },
            {
              "name": "20070122 Check Point Connectra End Point security bypass",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
            },
            {
              "name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:32Z",
      "publishedDate": "2007-01-24T01:28Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0471 (GCVE-0-2007-0471)

CERTA-2007-AVI-043

Description

Solution

CERTA-2007-AVI-043

Description

Solution

GHSA-QVRR-43X4-6H4W

FKIE_CVE-2007-0471

VAR-200701-0404

GSD-2007-0471

Tags

Sightings

Nomenclature