CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
55.3%
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of ‘.log’ files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in ‘.log’, or (2) local users to overwrite arbitrary files via a symlink attack.
Vendor | Product | Version | CPE |
---|---|---|---|
checkpoint | firewall-1 | 3.0 | cpe:2.3:a:checkpoint:firewall-1:3.0:*:*:*:*:*:*:* |
checkpoint | firewall-1 | 4.0 | cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:* |
checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:* |
checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:sp1:*:*:*:*:*:* |
checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:sp2:*:*:*:*:*:* |