VAR-200107-0054
Vulnerability from variot - Updated: 2023-12-18 11:14Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259. It is designed to work on various operating systems, both as a single firewall or as a firewall cluster system. A problem has been discovered with the firewall that allows traversal. It is possible for a remote user to pass packets across the firewall via port 259 by using false RDP headers on UDP packets. This makes it possible for remote users to gain access to restricted information systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200107-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "4.1_build_41439"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "4.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": "point software firewall-1 [ vpn des ]",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "+4.1"
},
{
"model": "point software firewall-1 [ vpn des strong ] sp2 build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141716"
},
{
"model": "point software firewall-1 [ vpn des strong ] build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141439"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "BID",
"id": "2952"
},
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1_build_41439:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was originally discovered by Jochen Thomas Bauer \u003cjtb@inside-security.de\u003e and Wesslowski \u003cbw@inside-security.de\u003e.",
"sources": [
{
"db": "BID",
"id": "2952"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3963",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310295",
"trust": 0.8,
"value": "51.30"
},
{
"author": "CNNVD",
"id": "CNNVD-200107-062",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3963",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "VULHUB",
"id": "VHN-3963"
},
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. Check Point VPN-1/FireWall-1 version 4.0 \u0026 4.1 may allow an intruder to pass traffic through the firewall on port 259. It is designed to work on various operating systems, both as a single firewall or as a firewall cluster system. \nA problem has been discovered with the firewall that allows traversal. It is possible for a remote user to pass packets across the firewall via port 259 by using false RDP headers on UDP packets. \nThis makes it possible for remote users to gain access to restricted information systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "BID",
"id": "2952"
},
{
"db": "VULHUB",
"id": "VHN-3963"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2952",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#310295",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2001-1158",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "1884",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2001-17",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010709 CHECK POINT RESPONSE TO RDP BYPASS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010709 CHECK POINT FIREWALL-1 RDP BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "CHECKPOINT",
"id": "20010712 RDP BYPASS WORKAROUND FOR VPN-1/FIREWALL 4.1 SPX",
"trust": 0.6
},
{
"db": "CIAC",
"id": "L-109",
"trust": 0.6
},
{
"db": "XF",
"id": "1",
"trust": 0.6
},
{
"db": "XF",
"id": "6815",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3963",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "VULHUB",
"id": "VHN-3963"
},
{
"db": "BID",
"id": "2952"
},
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"id": "VAR-200107-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3963"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:14:58.716000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/2952"
},
{
"trust": 2.0,
"url": "http://www.checkpoint.com/techsupport/alerts/rdp.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-03-11\u0026end=2002-03-17\u0026mid=195647\u0026threads=1"
},
{
"trust": 1.7,
"url": "http://www.cert.org/advisories/ca-2001-17.html"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/310295"
},
{
"trust": 1.7,
"url": "http://ciac.llnl.gov/ciac/bulletins/l-109.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1884"
},
{
"trust": 1.1,
"url": "http://www.checkpoint.com/techsupport/alerts/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6815"
},
{
"trust": 0.8,
"url": "http://www.inside-security.de/advisories/fw1_rdp.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6815.php"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/downloads/downloads.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "VULHUB",
"id": "VHN-3963"
},
{
"db": "BID",
"id": "2952"
},
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#310295"
},
{
"db": "VULHUB",
"id": "VHN-3963"
},
{
"db": "BID",
"id": "2952"
},
{
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#310295"
},
{
"date": "2001-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-3963"
},
{
"date": "2001-06-28T00:00:00",
"db": "BID",
"id": "2952"
},
{
"date": "2001-07-09T04:00:00",
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"date": "2001-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-09T00:00:00",
"db": "CERT/CC",
"id": "VU#310295"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3963"
},
{
"date": "2019-01-31T06:00:00",
"db": "BID",
"id": "2952"
},
{
"date": "2017-10-10T01:30:01.250000",
"db": "NVD",
"id": "CVE-2001-1158"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point RDP Bypass Vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#310295"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-062"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…