CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.6%
A vulnerability exists in Check Point’s VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system.
Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow condition exists in an ASN.1 decoding library used by the VPN-1 software. This vulnerability could be exploited during the negotiation process of establishing a new VPN connection. To exploit this vulnerability, an attacker must initiate an IKE negotiation and then send a malformed IKE packet. The exploit packet must be encrypted, which prevents its detection by using a signature. However, if Aggressive Mode IKE is implemented, this vulnerability may be exploited via a single packet.
According to ISS X-Force’s advisory, the following products are reported as vulnerable:
* VPN-1/FireWall-1 NG with Application Intelligence R54
* VPN-1/FireWall-1 NG with Application Intelligence R55
* VPN-1/FireWall-1 NG with Application Intelligence R55W
* VPN-1/FireWall-1 Next Generation FP3
* VPN-1/FireWall-1 VSX FireWall-1 GX
* VPN-1 SecuRemote/SecureClient All Versions
A remote attacker may be able to compromise the VPN gateway system.
Apply the appropriate patch from Check Point’s security alert to address this issue.
435358
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 02, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.checkpoint.com/techsupport/alerts/asn1.html>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23435358 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Mark Dowd and Neel Mehta of the ISS X-Force for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2004-0699 |
---|---|
Severity Metric: | 15.75 Date Public: |