Brute-Force Vulnerability in Check Point's IPsec VPN and SSL Network Extender
CVE-2022-23746

7.5HIGH

Key Information:

Vendor: Checkpoint
Status: Gateway & Management, Ipsec Vpn Blade Snx Portal.
Vendor: CVE Published:; 30 November 2022

Summary

The IPsec VPN blade from Check Point features a portal intended for users to download and connect through the SSL Network Extender (SNX). When the portal is set up to utilize username and password authentication, it becomes susceptible to brute-force attacks, allowing malicious actors to systematically attempt various username and password combinations to gain unauthorized access.

Affected Version(s)

Gateway & Management, IPsec VPN blade SNX portal. R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230

References

https://supportcenter.checkpoint.com/supportcenter/portal...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Jan 19, 2022