Weak X.509 Certificate Validation in Check Point Endpoint Security Product
CVE-2013-7304

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Endpoint Security Mi Server R73
Vendor: CVE Published:; 22 January 2014

Summary

The Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 lacks proper X.509 certificate validation for client devices. This deficiency enables attackers to execute man-in-the-middle attacks by impersonating SSL servers with arbitrary certificates during established client sessions. As a result, sensitive data transfer can be exposed, making it critical for organizations using this product to implement immediate remediation measures.

References

https://supportcenter.checkpoint.com/supportcenter/portal...

x_refsource_CONFIRM

http://secunia.com/advisories/56744

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/90674

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 22, 2014
Vulnerability Reserved
Jan 22, 2014