cvelistv5 - cve-2011-1827

CVE-2011-1827 (GCVE-0-2011-1827)

Vulnerability from cvelistv5 – Published: 2011-10-05 01:00 – Updated: 2024-09-16 18:29

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/47695	vdb-entryx_refsource_BID
	https://www.sec-consult.com/en/advisories.html#a68	x_refsource_MISC
	https://supportcenter.checkpoint.com/supportcente…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1162	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47695",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47695"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/en/advisories.html#a68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
          },
          {
            "name": "ADV-2011-1162",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1162"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-05T01:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "47695",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47695"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/en/advisories.html#a68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
        },
        {
          "name": "ADV-2011-1162",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1162"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47695",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47695"
            },
            {
              "name": "https://www.sec-consult.com/en/advisories.html#a68",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/en/advisories.html#a68"
            },
            {
              "name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410",
              "refsource": "CONFIRM",
              "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
            },
            {
              "name": "ADV-2011-1162",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1162"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1827",
    "datePublished": "2011-10-05T01:00:00Z",
    "dateReserved": "2011-04-26T00:00:00Z",
    "dateUpdated": "2024-09-16T18:29:20.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:connectra_ngx:r66.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62BDB1C3-D758-419E-A6AC-E233F99CF268\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:connectra_ngx:r66.1n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9419EED4-63F0-46A9-AC83-79C2FF60A73B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1:r65.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D56F0F77-45E4-44D0-96E6-EEA9DC857701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1:r70.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54839D2D-9ED5-4808-85C0-AA428A29A6A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1:r71.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1472550E-7AFB-4088-9626-43122F5929E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1:r75:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E601F27E-4F72-430F-931D-11F6A4DEBD96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r65.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB63AE56-C53D-4AB4-9E62-A749829A5C2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r67:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF453B3-8E28-4F4C-AA83-044391C02954\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades sin especificar en Check Point SSL Network Extender (SNX), SecureWorkSpace y Endpoint Security On-Demand, como se distribuye en SecurePlatform, IPSO6, Connectra and VSX. Permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores que involucran un (1) control ActiveX o (2) applet de Java.\"}]",
      "id": "CVE-2011-1827",
      "lastModified": "2024-11-21T01:27:07.710",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-10-05T02:56:24.753",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/47695\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1162\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.sec-consult.com/en/advisories.html#a68\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/47695\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.sec-consult.com/en/advisories.html#a68\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1827\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-10-05T02:56:24.753\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades sin especificar en Check Point SSL Network Extender (SNX), SecureWorkSpace y Endpoint Security On-Demand, como se distribuye en SecurePlatform, IPSO6, Connectra and VSX. Permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran un (1) control ActiveX o (2) applet de Java.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:connectra_ngx:r66.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62BDB1C3-D758-419E-A6AC-E233F99CF268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:connectra_ngx:r66.1n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419EED4-63F0-46A9-AC83-79C2FF60A73B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1:r65.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56F0F77-45E4-44D0-96E6-EEA9DC857701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1:r70.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54839D2D-9ED5-4808-85C0-AA428A29A6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1:r71.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1472550E-7AFB-4088-9626-43122F5929E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1:r75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E601F27E-4F72-430F-931D-11F6A4DEBD96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r65.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB63AE56-C53D-4AB4-9E62-A749829A5C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF453B3-8E28-4F4C-AA83-044391C02954\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/47695\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1162\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.sec-consult.com/en/advisories.html#a68\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.sec-consult.com/en/advisories.html#a68\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-251

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans des produits d'accès en VPN de CheckPoint permet à un utilisateur malveillant d'injecter indirectement du code à distance.

Description

Une vulnérabilité existe dans plusieurs produits CheckPoint d'accès en VPN. Lors de l'utilisation au travers d'un navigateur, il est possible à un utilisateur malveillant de faire exécuter du code sur la machine cliente.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mobile Access / VPN SSL ;
	N/A	N/A	SSL Network Extender (SNX).

References

Title

Publication Time

Tags

Bulletin de sécurité CheckPoint sk62410 du 26 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mobile Access / VPN SSL ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SSL Network Extender (SNX).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 existe dans plusieurs produits CheckPoint d\u0027acc\u00e8s en\nVPN. Lors de l\u0027utilisation au travers d\u0027un navigateur, il est possible \u00e0\nun utilisateur malveillant de faire ex\u00e9cuter du code sur la machine\ncliente.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1827"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-251",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans des produits d\u0027acc\u00e8s en VPN de CheckPoint permet\n\u00e0 un utilisateur malveillant d\u0027injecter indirectement du code \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des produits d\u0027acc\u00e8s VPN de CheckPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CheckPoint sk62410 du 26 avril 2011",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
    }
  ]
}

CERTA-2011-AVI-251

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans des produits d'accès en VPN de CheckPoint permet à un utilisateur malveillant d'injecter indirectement du code à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mobile Access / VPN SSL ;
	N/A	N/A	SSL Network Extender (SNX).

References

Title

Publication Time

Tags

Bulletin de sécurité CheckPoint sk62410 du 26 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mobile Access / VPN SSL ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SSL Network Extender (SNX).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 existe dans plusieurs produits CheckPoint d\u0027acc\u00e8s en\nVPN. Lors de l\u0027utilisation au travers d\u0027un navigateur, il est possible \u00e0\nun utilisateur malveillant de faire ex\u00e9cuter du code sur la machine\ncliente.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1827"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-251",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans des produits d\u0027acc\u00e8s en VPN de CheckPoint permet\n\u00e0 un utilisateur malveillant d\u0027injecter indirectement du code \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des produits d\u0027acc\u00e8s VPN de CheckPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CheckPoint sk62410 du 26 avril 2011",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
    }
  ]
}

VAR-201110-0182

Vulnerability from variot - Updated: 2023-12-18 12:52

Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. SNX SecureWorkSpace and Endpoint Security On-Demand can be downloaded from Connectra or security gateways for on-demand remote connectivity. They can be configured for browsing using the Check Point Deployment Agent Java applet or ActiveX controls. This vulnerability does not affect the Check Point Security Gateway. Multiple Check Point SSL VPN on-demand applications are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. ----------------------------------------------------------------------

The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242

TITLE: Check Point SSL VPN On-Demand Applications Unspecified Vulnerability

SECUNIA ADVISORY ID: SA45575

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45575/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45575

RELEASE DATE: 2011-08-10

DISCUSS ADVISORY: http://secunia.com/advisories/45575/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/45575/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=45575

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability have been reported in Check Point SSL VPN On-Demand applications, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in the helper application (e.g. No further information is currently available.

Please see the vendor's advisory for a list of affected versions.

SOLUTION: Apply updates. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Johannes Greil, SEC Consult.

ORIGINAL ADVISORY: https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. By disabling spyware and enforcing baseline security requirements before it grants SSL VPN access, Connectra stops identity and password theft and prevents data loss."

URL: http://www.checkpoint.com/products/connectra/

Vulnerability overview/description:

The client-side endpoint security solution (SSL Network Extender (SNX), SecureWorkSpace and Endpoint Security On-Demand), e.g.

Due to quality issues within the software, an attacker is able to access insecure methods from the "trustworthy" Java applet or ActiveX control and exploit those features to compromise all client systems that trust the correctly signed Java applet or ActiveX control (e.g. all users that need to use this software for accessing internal systems over company VPN).

As SEC Consult does not provide free of charge quality assurance for software vendors above providing information in advisories, no further proof of concepts than this advisory / exploit have been created. This JAR-file is extracted to %TEMP%\SWS (Windows) or /tmp/SWS (Linux). It includes the executable CPSWS.exe and some other XML and DLL files (side note: it is no workaround to remove "sws.jar" on the company Check Point Connectra appliance as this file can also remotely be deployed or fetched).

Calling the public method "CreatePackageURL" it is possible for an attacker to load the SWS feature/package. Afterwards "RunPackageAction" can be called to access the following actions of the "Secure Workspace" component: 1) runExeStart 2) runCmd 3) setXmlFile 4) dwnldFile 5) createCmdFile

The proof of concept uses "dwnldFile" and "runCmd" to upload an arbitrary executable file and store it as "CPSWS.exe" within the temporary directory of the victim's client system. Then "runCmd" is being called to automatically run the new malicious "CPSWS.exe" and compromise the client system.

So it's not just possible to execute commands on the clients but also to choose one's own arbitrary malicious payload.

==>> Summing up, an attacker is able to upload arbitrary executable files to remote clients and then immediately execute them without notice as a signed Java applet / ActiveX is being used (if "Always trust content from this publisher" has been checked - otherwise an unsuspicious Java digital signature verification popup will occur).

Possible attack vectors are drive-by downloads just by visiting malicious websites but also through emails, any XSS on unsuspicious websites, etc.

Proof of concept:

The exploit will not be published, but a video demonstrating this issue has been created. It can be found at the following URL:

https://www.sec-consult.com/files/110810_checkpoint_exploit.mp4

Vulnerable / tested versions:

The Deployment agent component of the Check Point Connectra R66 appliance has been tested and successfully exploited. Furthermore, a newer R70 has also been tested and found vulnerable.

Vulnerable signed Java applet certificate SHA1 fingerprint: F6:40:1D:7B:67:08:3C:0F:3D:2A:9F:BC:69:E2:AD:6C:A5:D6:F5:8D

Vulnerable ActiveX control "SlimClient Class" Class ID: {B4CB50E4-0309-4906-86EA-10B6641C8392}

Further information regarding affected Class ID and Oracle Java Blacklist SHA1-Hashes can be found within the advisory of Check Point.

The following affected product/version information has been supplied by Check Point: - R65.70 - R70.40 - R71.30 - R75 - Connectra R66.1 - Connectra R66.1n - VSX R65.20 - VSX R67

Vendor contact timeline:

2011-03-31: Contacting Check Point security team (security-alert@checkpoint.com), received auto-reply email 2011-03-31: Vendor: Very fast response, issue is being investigated, Check Point will reply early next week 2011-04-03: Vendor: asking for further information, exploit setup 2011-04-04: Replying to vendor 2011-04-05: Vendor: confirmation of vulnerability, more information end of week 2011-04-08: Asking for status 2011-04-09: Vendor: Working on the fix and release plan 2011-04-11: Asking for CVE number @MITRE 2011-04-12: Sending more details to MITRE, asking Check Point for version numbers and affected products 2011-04-13 - 2011-04-22: Coordination with Check Point regarding release and fix 2011-04-21: Contacting local CERT (Austria, Germany) 2011-04-25: Check Point releases their advisory including patches 2011-04-26: Asking again for CVE number 2011-05-26: Asking about status for Microsoft killbit patch 2011-05-29: Vendor: Microsoft did postpone patch from June to August 2011-08-08: Asking about status for patch; Vendor: MS publication expected 2011-08-09: Microsoft publishes killbit patch 2011-08-10: Coordinated release of SEC Consult advisory

Solution:

The following patches have been supplied by Check Point: - Hotfix for R65.70 - Hotfix for R70.40 - Hotfix for R71.30 - Hotfix for R75 - Hotfix for Connectra R66.1 - Hotfix for Connectra R66.1n - Hotfix for VSX R65.20 - Hotfix for VSX R67

For further information see the advisory of Check Point: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410

The following Microsoft Killbit Patch should be applied: http://www.microsoft.com/technet/security/advisory/2562937.mspx

Workaround:

You should really apply the patches and invalidate the vulnerable ActiveX control and Java applet.

Detailed information and a howto including tools can be found within the advisory of Check Point.

Advisory URLs:

https://www.sec-consult.com/en/advisories.html

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410

http://www.microsoft.com/technet/security/advisory/2562937.mspx

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Unternehmensberatung GmbH

Office Vienna Mooslackengasse 17 A-1190 Vienna Austria

Tel.: +43 / 1 / 890 30 43 - 0 Fax.: +43 / 1 / 890 30 43 - 25 Mail: research at sec-consult dot com www.sec-consult.com

EOF J. Greil / @2011

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0182",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r66.1"
      },
      {
        "model": "vpn-1 firewall-1 vsx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r65.20"
      },
      {
        "model": "vpn-1 firewall-1 vsx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r67"
      },
      {
        "model": "connectra ngx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r66.1n"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r65.70"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r70.40"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r75"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r71.30"
      },
      {
        "model": "point software vsx r65.20",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vsx r67",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software secureplatform r65.70",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software secureplatform r70.40",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software secureplatform r71.30",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software secureplatform r75",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ipso6 r65.70",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ipso6 r70.40",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ipso6 r71.30",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ipso6 r75",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra r66.1",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software connectra r66.1n",
        "scope": null,
        "trust": 0.9,
        "vendor": "check",
        "version": null
      },
      {
        "model": "connectra ngx",
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": "vpn-1 power vsx",
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "BID",
        "id": "47695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r65.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r65.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r70.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r71.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Johannes Greil of SEC Consult Unternehmensberatung",
    "sources": [
      {
        "db": "BID",
        "id": "47695"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-1827",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-1827",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-49772",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-1827",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201108-236",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-49772",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. SNX SecureWorkSpace and Endpoint Security On-Demand can be downloaded from Connectra or security gateways for on-demand remote connectivity. They can be configured for browsing using the Check Point Deployment Agent Java applet or ActiveX controls. This vulnerability does not affect the Check Point Security Gateway. Multiple Check Point SSL VPN on-demand applications are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow the attacker to execute arbitrary code within the context of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point SSL VPN On-Demand Applications Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45575\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45575/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45575\n\nRELEASE DATE:\n2011-08-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45575/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45575/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45575\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability have been reported in Check Point SSL VPN On-Demand\napplications, which can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nThe vulnerability is caused due to an unspecified error in the helper\napplication (e.g. No\nfurther information is currently available. \n\nPlease see the vendor\u0027s advisory for a list of affected versions. \n\nSOLUTION:\nApply updates. Please see the vendor\u0027s advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Johannes Greil, SEC Consult. \n\nORIGINAL ADVISORY:\nhttps://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. By disabling spyware and enforcing baseline security\nrequirements before it grants SSL VPN access, Connectra stops identity\nand password theft and prevents data loss.\"\n\nURL: http://www.checkpoint.com/products/connectra/\n\n\nVulnerability overview/description:\n-----------------------------------\nThe client-side endpoint security solution (SSL Network Extender (SNX),\nSecureWorkSpace and Endpoint Security On-Demand), e.g. \n\nDue to quality issues within the software, an attacker is able to access\ninsecure methods from the \"trustworthy\" Java applet or ActiveX control\nand exploit those features to compromise all client systems that trust\nthe correctly signed Java applet or ActiveX control (e.g. all users\nthat need to use this software for accessing internal systems over\ncompany VPN). \n\nAs SEC Consult does not provide free of charge quality assurance for\nsoftware vendors above providing information in advisories, no further\nproof of concepts than this advisory / exploit have been created. This JAR-file is extracted to %TEMP%\\SWS\n(Windows) or /tmp/SWS (Linux). It includes the executable CPSWS.exe and\nsome other XML and DLL files (side note: it is no workaround to remove\n\"sws.jar\" on the company Check Point Connectra appliance as this file\ncan also remotely be deployed or fetched). \n\nCalling the public method \"CreatePackageURL\" it is possible for an\nattacker to load the SWS feature/package. Afterwards \"RunPackageAction\"\ncan be called to access the following actions of the \"Secure Workspace\"\ncomponent:\n1) runExeStart\n2) runCmd\n3) setXmlFile\n4) dwnldFile\n5) createCmdFile\n\nThe proof of concept uses \"dwnldFile\" and \"runCmd\" to upload an\narbitrary executable file and store it as \"CPSWS.exe\" within the\ntemporary directory of the victim\u0027s client system. Then \"runCmd\" is\nbeing called to automatically run the new malicious \"CPSWS.exe\" and\ncompromise the client system. \n\nSo it\u0027s not just possible to execute commands on the clients but also to\nchoose one\u0027s own arbitrary malicious payload. \n\n\n==\u003e\u003e\nSumming up, an attacker is able to upload arbitrary executable files to\nremote clients and then immediately execute them without notice as a\nsigned Java applet / ActiveX is being used (if \"Always trust content\nfrom this publisher\" has been checked - otherwise an unsuspicious Java\ndigital signature verification popup will occur). \n\nPossible attack vectors are drive-by downloads just by visiting\nmalicious websites but also through emails, any XSS on unsuspicious\nwebsites, etc. \n\n\nProof of concept:\n-----------------\nThe exploit will not be published, but a video demonstrating this issue\nhas been created. It can be found at the following URL:\n\nhttps://www.sec-consult.com/files/110810_checkpoint_exploit.mp4\n\n\nVulnerable / tested versions:\n-----------------------------\nThe Deployment agent component of the Check Point Connectra R66\nappliance has been tested and successfully exploited. Furthermore, a\nnewer R70 has also been tested and found vulnerable. \n\nVulnerable signed Java applet certificate SHA1 fingerprint:\n   F6:40:1D:7B:67:08:3C:0F:3D:2A:9F:BC:69:E2:AD:6C:A5:D6:F5:8D\n\nVulnerable ActiveX control \"SlimClient Class\" Class ID:\n   {B4CB50E4-0309-4906-86EA-10B6641C8392}\n\nFurther information regarding affected Class ID and Oracle Java\nBlacklist SHA1-Hashes can be found within the advisory of Check Point. \n\nThe following affected product/version information has been supplied by\nCheck Point:\n- R65.70 \n- R70.40 \n- R71.30 \n- R75 \n- Connectra R66.1 \n- Connectra R66.1n \n- VSX R65.20 \n- VSX R67\n\n\n\nVendor contact timeline:\n------------------------\n2011-03-31: Contacting Check Point security team\n            (security-alert@checkpoint.com), received auto-reply email\n2011-03-31: Vendor: Very fast response, issue is being investigated,\n            Check Point will reply early next week\n2011-04-03: Vendor: asking for further information, exploit setup\n2011-04-04: Replying to vendor\n2011-04-05: Vendor: confirmation of vulnerability, more information\n            end of week\n2011-04-08: Asking for status\n2011-04-09: Vendor: Working on the fix and release plan\n2011-04-11: Asking for CVE number @MITRE\n2011-04-12: Sending more details to MITRE, asking Check Point for\n            version numbers and affected products\n2011-04-13 - 2011-04-22: Coordination with Check Point regarding\n            release and fix\n2011-04-21: Contacting local CERT (Austria, Germany)\n2011-04-25: Check Point releases their advisory including patches\n2011-04-26: Asking again for CVE number\n2011-05-26: Asking about status for Microsoft killbit patch\n2011-05-29: Vendor: Microsoft did postpone patch from June to August\n2011-08-08: Asking about status for patch; Vendor: MS publication\n            expected\n2011-08-09: Microsoft publishes killbit patch\n2011-08-10: Coordinated release of SEC Consult advisory\n\n\n\nSolution:\n---------\nThe following patches have been supplied by Check Point:\n- Hotfix for R65.70 \n- Hotfix for R70.40 \n- Hotfix for R71.30 \n- Hotfix for R75 \n- Hotfix for Connectra R66.1 \n- Hotfix for Connectra R66.1n \n- Hotfix for VSX R65.20 \n- Hotfix for VSX R67\n\nFor further information see the advisory of Check Point:\nhttps://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk62410\n\n\nThe following Microsoft Killbit Patch should be applied:\nhttp://www.microsoft.com/technet/security/advisory/2562937.mspx\n\n\nWorkaround:\n-----------\nYou should really apply the patches and invalidate the vulnerable\nActiveX control and Java applet. \n\nDetailed information and a howto including tools can be found within the\nadvisory of Check Point. \n\n\nAdvisory URLs:\n--------------\nhttps://www.sec-consult.com/en/advisories.html\n\nhttps://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk62410\n\nhttp://www.microsoft.com/technet/security/advisory/2562937.mspx\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nSEC Consult Unternehmensberatung GmbH\n\nOffice Vienna\nMooslackengasse 17\nA-1190 Vienna\nAustria\n\nTel.: +43 / 1 / 890 30 43 - 0\nFax.: +43 / 1 / 890 30 43 - 25\nMail: research at sec-consult dot com\nwww.sec-consult.com\n\nEOF J. Greil / @2011\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "BID",
        "id": "47695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "db": "PACKETSTORM",
        "id": "103877"
      },
      {
        "db": "PACKETSTORM",
        "id": "103907"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-49772",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-1827",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "47695",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-1162",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "45575",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "17508",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "103907",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103877",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "db": "BID",
        "id": "47695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "PACKETSTORM",
        "id": "103877"
      },
      {
        "db": "PACKETSTORM",
        "id": "103907"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "id": "VAR-201110-0182",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      }
    ],
    "trust": 1.15833334
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:52:23.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "sk62410",
        "trust": 0.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk62410"
      },
      {
        "title": "Patch for multiple Check Point SSL VPN On-Demand application remote code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/3758"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/47695"
      },
      {
        "trust": 1.7,
        "url": "https://www.sec-consult.com/en/advisories.html#a68"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/1162"
      },
      {
        "trust": 1.0,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk62410"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1827"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1827"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/45575"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17508"
      },
      {
        "trust": 0.4,
        "url": "http://www.microsoft.com/technet/security/advisory/2562937.mspx"
      },
      {
        "trust": 0.4,
        "url": "http://www.checkpoint.com"
      },
      {
        "trust": 0.3,
        "url": "https://www.sec-consult.com/files/20110810-0_checkpoint_deployment_agent_remote_file_upload_and_cmd_exec_cve-2011-1827.txt"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/242"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45575/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45575"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45575/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1827"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/files/110810_checkpoint_exploit.mp4"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/advisories.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/products/ssl_network_ext/"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/products/connectra/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "db": "BID",
        "id": "47695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "PACKETSTORM",
        "id": "103877"
      },
      {
        "db": "PACKETSTORM",
        "id": "103907"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "db": "BID",
        "id": "47695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "db": "PACKETSTORM",
        "id": "103877"
      },
      {
        "db": "PACKETSTORM",
        "id": "103907"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "date": "2011-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "date": "2011-05-03T00:00:00",
        "db": "BID",
        "id": "47695"
      },
      {
        "date": "2011-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "date": "2011-08-10T07:36:34",
        "db": "PACKETSTORM",
        "id": "103877"
      },
      {
        "date": "2011-08-11T04:22:33",
        "db": "PACKETSTORM",
        "id": "103907"
      },
      {
        "date": "2011-10-05T02:56:24.753000",
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "date": "2011-08-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1706"
      },
      {
        "date": "2012-05-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49772"
      },
      {
        "date": "2011-08-18T18:50:00",
        "db": "BID",
        "id": "47695"
      },
      {
        "date": "2011-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      },
      {
        "date": "2012-05-14T04:00:00",
        "db": "NVD",
        "id": "CVE-2011-1827"
      },
      {
        "date": "2011-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "103907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point of Vulnerability in arbitrary code execution in multiple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002349"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-236"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2011-1827

Vulnerability from fkie_nvd - Published: 2011-10-05 02:56 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/47695
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1162	Vendor Advisory
cve@mitre.org	https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410
cve@mitre.org	https://www.sec-consult.com/en/advisories.html#a68
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47695
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1162	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410
af854a3a-2127-422b-91ae-364da2661108	https://www.sec-consult.com/en/advisories.html#a68

Impacted products

Vendor	Product	Version
checkpoint	connectra_ngx	r66.1
checkpoint	connectra_ngx	r66.1n
checkpoint	vpn-1	r65.70
checkpoint	vpn-1	r70.40
checkpoint	vpn-1	r71.30
checkpoint	vpn-1	r75
checkpoint	vpn-1_firewall-1_vsx	r65.20
checkpoint	vpn-1_firewall-1_vsx	r67

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BDB1C3-D758-419E-A6AC-E233F99CF268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1n:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419EED4-63F0-46A9-AC83-79C2FF60A73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:r65.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56F0F77-45E4-44D0-96E6-EEA9DC857701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:r70.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "54839D2D-9ED5-4808-85C0-AA428A29A6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:r71.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1472550E-7AFB-4088-9626-43122F5929E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:r75:*:*:*:*:*:*:*",
              "matchCriteriaId": "E601F27E-4F72-430F-931D-11F6A4DEBD96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r65.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB63AE56-C53D-4AB4-9E62-A749829A5C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r67:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF453B3-8E28-4F4C-AA83-044391C02954",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades sin especificar en Check Point SSL Network Extender (SNX), SecureWorkSpace y Endpoint Security On-Demand, como se distribuye en SecurePlatform, IPSO6, Connectra and VSX. Permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran un (1) control ActiveX o (2) applet de Java."
    }
  ],
  "id": "CVE-2011-1827",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-05T02:56:24.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47695"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1162"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.sec-consult.com/en/advisories.html#a68"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.sec-consult.com/en/advisories.html#a68"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1827

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1827

Aliases

CVE-2011-1827

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1827",
    "description": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.",
    "id": "GSD-2011-1827"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1827"
      ],
      "details": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.",
      "id": "GSD-2011-1827",
      "modified": "2023-12-13T01:19:07.494766Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1827",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "47695",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47695"
          },
          {
            "name": "https://www.sec-consult.com/en/advisories.html#a68",
            "refsource": "MISC",
            "url": "https://www.sec-consult.com/en/advisories.html#a68"
          },
          {
            "name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410",
            "refsource": "CONFIRM",
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
          },
          {
            "name": "ADV-2011-1162",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/1162"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r65.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r65.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r70.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r71.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:r75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:r66.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1_firewall-1_vsx:r67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1827"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-1162",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1162"
            },
            {
              "name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
            },
            {
              "name": "47695",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/47695"
            },
            {
              "name": "https://www.sec-consult.com/en/advisories.html#a68",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.sec-consult.com/en/advisories.html#a68"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-05-14T04:00Z",
      "publishedDate": "2011-10-05T02:56Z"
    }
  }
}

GHSA-QF7F-G953-JJ25

Vulnerability from github – Published: 2022-05-17 05:30 – Updated: 2022-05-17 05:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1827"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-05T02:56:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.",
  "id": "GHSA-qf7f-g953-jj25",
  "modified": "2022-05-17T05:30:20Z",
  "published": "2022-05-17T05:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1827"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410"
    },
    {
      "type": "WEB",
      "url": "https://www.sec-consult.com/en/advisories.html#a68"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47695"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/1162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1827 (GCVE-0-2011-1827)

CERTA-2011-AVI-251

Description

Solution

CERTA-2011-AVI-251

Description

Solution

VAR-201110-0182

Vulnerability overview/description:

Proof of concept:

Vulnerable / tested versions:

Vendor contact timeline:

Solution:

Workaround:

Advisory URLs:

FKIE_CVE-2011-1827

GSD-2011-1827

GHSA-QF7F-G953-JJ25

Tags

Sightings

Nomenclature