[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Checkpoint VPN - Priviledge Escalation

It  appears  this  bug  has  gone  unoticed to vulnerability databases
maintainers, very likely due to the lack  of disclosure/publication.
This usually means it's also not in compliance/patching systems and
exposes  customers  to unecessary risk. To counteract I'd like to drop
this note.

Checkpoint SNX Escalation of Privileges Vulnerability
Product:SSL Network Extender, Endpoint Security Client, Endpoint Connect, Endpoint Security VPN
URL : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60510

The following product versions are not vulnerable:
* EPS R80
* EPS R73 HFA01
* EPC R73 HFA01
* SNX R75
* SNX R71.30

All other versions of SNX, EPS and EPC are vulnerable.

Check Point thanks Thierry Zoller and Nagib Guettiche of Verizon Business (www.verizonbusiness.com) for bringing this issue to our attention in a forthright and professional manner.