Cross-Site Request Forgery in Check Point VPN-1 Edge Management Interface
CVE-2007-3489
Currently unrated
What is CVE-2007-3489?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management interface of Check Point VPN-1 Edge NGX 7.0.33x. The flaw enables remote attackers to carry out unauthorized privileged actions as administrators. Specifically, a malicious request constructed with the swuuser and swupass parameters can add an administrator account. The management interface has no logout capability, which makes it susceptible to persistent exploits.
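One way to look for this request pattern in forward-proxy logs, as an added example that is not part of the original advisory or any Check Point tooling. The log format, host names, the PLACEHOLDER path and all values are constructed, and it assumes the swuuser and swupass parameters appear in the logged URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed forward-proxy log lines (combined log format, absolute URLs).
# Host names, the PLACEHOLDER path and all parameter values are assumptions.
MGMT_HOST = "edge.example.internal"
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2007:10:00:01 +0000] "GET http://edge.example.internal/PLACEHOLDER?swuuser=a&swupass=b HTTP/1.1" 200 512 "http://edge.example.internal/" "UA"',
    '10.0.0.7 - - [01/Jul/2007:10:02:14 +0000] "GET http://edge.example.internal/PLACEHOLDER?swuuser=a&swupass=b HTTP/1.1" 200 512 "http://forum.example.net/thread" "UA"',
    '10.0.0.9 - - [01/Jul/2007:10:03:40 +0000] "GET http://edge.example.internal/PLACEHOLDER?swupass=b&swuuser=a HTTP/1.1" 200 512 "-" "UA"',
    '10.0.0.7 - - [01/Jul/2007:10:04:02 +0000] "GET http://edge.example.internal/status HTTP/1.1" 200 90 "http://forum.example.net/thread" "UA"',
    '10.0.0.8 - - [01/Jul/2007:10:05:19 +0000] "GET http://other.example.org/PLACEHOLDER?swuuser=a&swupass=b HTTP/1.1" 200 90 "-" "UA"',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')
ACCOUNT_PARAMS = {"swuuser", "swupass"}


def flag_csrf_candidates(lines, mgmt_host=MGMT_HOST):
    """Return (client_ip, reason) for account-adding requests to the
    management host that did not originate from the interface itself."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        client, _method, url, referer = m.groups()
        target = urlsplit(url)
        if target.hostname != mgmt_host:
            continue
        # Only parameters visible in the logged URL can be inspected here.
        if not ACCOUNT_PARAMS <= set(parse_qs(target.query, keep_blank_values=True)):
            continue
        ref_host = urlsplit(referer).hostname  # None for "-" or an empty referer
        if ref_host == mgmt_host:
            continue  # same-origin navigation inside the interface
        reason = f"cross-origin referer: {ref_host}" if ref_host else "no referer"
        hits.append((client, reason))
    return hits


if __name__ == "__main__":
    for client, reason in flag_csrf_candidates(SAMPLE_LOG):
        print(client, reason)
```

A missing Referer is a weaker signal than a cross-origin one, so the two reasons are reported separately for triage.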