CVE-2008-0662
https://notcve.org/view.php?id=CVE-2008-0662
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
• http://digihax.com
• http://secunia.com/advisories/28820
• http://securityreason.com/securityalert/3627
• http://www.securityfocus.com/archive/1/487735/100/0/threaded
• http://www.securityfocus.com/bid/27675
• http://www.securitytracker.com/id?1019317
• http://www.vupen.com/english/advisories/2008/0475
• https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenter.psml
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2007-4216
https://notcve.org/view.php?id=CVE-2007-4216
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585
• http://secunia.com/advisories/26513
• http://securitytracker.com/id?1018589
• http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53
• http://www.securityfocus.com/archive/1/477155/100/0/threaded
• http://www.securityfocus.com/bid/25365
• http://www.securityfocus.com/bid/25377
• http://www.vupen.com/english/advisories/2007/2929
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36107
• CWE-20: Improper Input Validation
CVE-2007-3489
https://notcve.org/view.php?id=CVE-2007-3489
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
• http://osvdb.org/37645
• http://secunia.com/advisories/25853
• http://securityreason.com/securityalert/2848
• http://www.louhi.fi/advisory/checkpoint_070626.txt
• http://www.securityfocus.com/archive/1/472371/100/0/threaded
• http://www.vupen.com/english/advisories/2007/2363
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35103
CVE-2007-2730
https://notcve.org/view.php?id=CVE-2007-2730
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
• http://osvdb.org/37383
• http://securityreason.com/securityalert/2714
• http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php
• http://www.securityfocus.com/archive/1/468643/100/0/threaded
CVE-2007-2689
https://notcve.org/view.php?id=CVE-2007-2689
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
• http://www.gamasec.net/english/gs07-01.html
• http://www.kb.cert.org/vuls/id/739224
• http://www.securityfocus.com/archive/1/468633/100/0/threaded
• http://www.securitytracker.com/id?1018067