CVE-2022-23746

7.5HIGH

Key Information

Vendor: Checkpoint
Status: Gateway & Management, Ipsec Vpn Blade Snx Portal.
Vendor: CVE Published:; 30 November 2022

Summary

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Affected Version(s)

Gateway & Management, IPsec VPN blade SNX portal. = R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 30, 2022
Vulnerability Reserved.
Jan 19, 2022

Collectors

NVD DatabaseMitre Database