Roni Bachar and Nir Goldshlager have reported a vulnerability in Check Point products, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that /sre/params.php in ICS (Integrity Clientless Security) does not properly validate the data being sent to it. This can be exploited to receive a cookie, which can be used to bypass certain checks before being allowed to log in to the network, by sending a POST request with a valid report to the /sre/params.php page.
Successful exploitation requires that the ICS feature is enabled.
The vulnerability affects the following products and versions:
* Connectra NGX R62
* Connectra NGX R61
* Connectra NGX R60
* Connectra 2.0
* VPN-1 Power/UTM (Pro/Express) NGX R62
* VPN-1 Power/UTM (Pro/Express) NGX R61
* VPN-1 Power/UTM (Pro/Express) NGX R60
* VPN-1 Power/UTM (Pro/Express) NG AI R55W
* VPN-1 Power/UTM (Pro/Express) NG AI R55
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Check Point Products ICS Security Bypass
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.