[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Checkpoint VPN - Priviledge Escalation
It appears this bug has gone unoticed to vulnerability databases
maintainers, very likely due to the lack of disclosure/publication.
This usually means it's also not in compliance/patching systems and
exposes customers to unecessary risk. To counteract I'd like to drop
Checkpoint SNX Escalation of Privileges Vulnerability
Product:SSL Network Extender, Endpoint Security Client, Endpoint Connect, Endpoint Security VPN
URL : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60510
The following product versions are not vulnerable:
* EPS R80
* EPS R73 HFA01
* EPC R73 HFA01
* EPS R75 VPN
* SNX R75
* SNX R71.30
All other versions of SNX, EPS and EPC are vulnerable.
Check Point thanks Thierry Zoller and Nagib Guettiche of Verizon Business (www.verizonbusiness.com) for bringing this issue to our attention in a forthright and professional manner.