Brute-Force Vulnerability in Check Point's IPsec VPN and SSL Network Extender
CVE-2022-23746

7.5HIGH

Key Information:

Vendor: Checkpoint
Status: Gateway & Management, Ipsec Vpn Blade Snx Portal.
Vendor: CVE Published:; 30 November 2022

What is CVE-2022-23746?

The IPsec VPN blade from Check Point features a portal intended for users to download and connect through the SSL Network Extender (SNX). When the portal is set up to utilize username and password authentication, it becomes susceptible to brute-force attacks, allowing malicious actors to systematically attempt various username and password combinations to gain unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Gateway & Management, IPsec VPN blade SNX portal. R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230

References

https://supportcenter.checkpoint.com/supportcenter/portal...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Jan 19, 2022

JSON

Checkpoint

What is CVE-2022-23746?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.