Lucene search

MitreCVE-2014-1672

HistoryJan 26, 2014 - 1:55 a.m.

CVE-2014-1672

2014-01-2601:55:26

CWE-264

mitre

web.nvd.nist.gov

check point

r75.47

security gateway

management server

anti-spoofing

routing table

access restrictions

nvd

cve-2014-1672

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.2%

JSON

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the “Get - Interfaces with Topology” action is performed, which allows attackers to bypass intended access restrictions.

Affected configurations

Nvd

Node

checkpointmanagement_serverMatchr75.47

checkpointsecurity_gatewayMatchr75.47

VendorProductVersionCPE
checkpointmanagement_serverr75.47cpe:2.3:a:checkpoint:management_server:r75.47:*:*:*:*:*:*:*
checkpointsecurity_gatewayr75.47cpe:2.3:a:checkpoint:security_gateway:r75.47:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkpoint	management_server	r75.47	cpe:2.3:a:checkpoint:management_server:r75.47:::::::*
checkpoint	security_gateway	r75.47	cpe:2.3:a:checkpoint:security_gateway:r75.47:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/90976

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.2%

JSON

Related for CVE-2014-1672