6.5

CVE-2008-1397

Exploit
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckpointCheck Point Vpn-1 Pro Versionngx_r61
CheckpointCheck Point Vpn-1 Pro Versionngx_r62_ga
CheckpointVpn-1 Versionngx_r60 Editionpro
CheckpointVpn-1 Firewall-1 Versionng_ai_r55
CheckpointVpn-1 Power Utm Versionngx_r65_with_messaging_security
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://puresecurity.com.au/index.php?action=fullnews&id=5
http://secunia.com/advisories/29394
Vendor Advisory
http://www.kb.cert.org/vuls/id/992585
US Government Resource
http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf
Exploit
http://www.securityfocus.com/bid/28299
http://www.securitytracker.com/id?1019666
http://www.vupen.com/english/advisories/2008/0953/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41260
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579
Patch