Denial of Service Vulnerability in Check Point VPN-1 Power/UTM
CVE-2008-1397
Currently unrated
Key Information:
- Vendor
- Checkpoint
- Vendor
- CVE Published:
- 20 March 2008
Summary
The Check Point VPN-1 Power/UTM, running on NGX R60 to R65 and NG AI R55, is susceptible to a denial of service condition. Remote authenticated users can exploit this vulnerability by setting the local RFC1918 IP address identical to that of one of the endpoint RFC1918 IP addresses of an active site-to-site VPN tunnel. Once this configuration is in place, the attacker can utilize SecuRemote to connect to a network interface on the receiving endpoint, resulting in a disruption of the VPN tunnel and potential interception of network traffic. Proper configuration and regular updates are essential to mitigate this risk.
References
EPSS Score
8% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved