CVE-2022-23746

7.5HIGH

Key Information:

Vendor: Checkpoint
Status: Gateway & Management, Ipsec Vpn Blade Snx Portal.
Vendor: CVE Published:; 30 November 2022

Summary

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Affected Version(s)

Gateway & Management, IPsec VPN blade SNX portal. R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230

References

https://supportcenter.checkpoint.com/supportcenter/portal...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Jan 19, 2022