Security Policy Bypass in Check Point VPN-1 SecureClient NG
CVE-2005-4093

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Secureclient Ng; Vpn-1 Secureclient
Vendor: CVE Published:; 8 December 2005

Summary

The Check Point VPN-1 SecureClient NG versions R56, NG FP1, 4.0, and 4.1 possess a vulnerability that allows remote attackers to circumvent established security policies. This is achieved by altering the local version of the local.scv policy file after its retrieval from the VPN endpoint, potentially exposing the system to unauthorized access and threats.

References

http://www.securityfocus.com/bid/15757

vdb-entryx_refsource_BID

http://lists.grok.org.uk/pipermail/full-disclosure/2005-D...

mailing-listx_refsource_FULLDISC

http://www.mail-archive.com/swinog%40lists.swinog.ch/msg0...

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 8, 2005
Vulnerability Reserved
Dec 8, 2005