Page 2 of 28 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. • http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html http://marc.info/?l=bugtraq&m=103124812629621&w=2 http://marc.info/?l=bugtraq&m=103176164729351&w=2 http://www.checkpoint.com/techsupport/alerts/ike.html http://www.kb.cert.org/vuls/id/886601 http://www.nta-monitor.com/news/checkpoint.htm http://www.securiteam.com/securitynews/5TP040U8AW.html http://www.securityfocus.com/archive/1/290202 http://www.securityfocus.com/bid/5607 https://exchang •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. • http://online.securityfocus.com/archive/1/260662 http://www.iss.net/security_center/static/8423.php http://www.securityfocus.com/bid/4253 •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name. • http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html http://marc.info/?l=bugtraq&m=100094268017271&w=2 http://marc.info/?l=bugtraq&m=100698954308436&w=2 http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html http://www.osvdb.org/1951 http://www.securityfocus.com/bid/3336 https://exchange.xforce.ibmcloud.com/vulnerabilities/7145 •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. • http://www.securityfocus.com/archive/1/212826 http://www.securityfocus.com/bid/3303 https://exchange.xforce.ibmcloud.com/vulnerabilities/7095 •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. • http://www.securityfocus.com/archive/1/212824 http://www.securityfocus.com/bid/3300 https://exchange.xforce.ibmcloud.com/vulnerabilities/7094 •