CVSS: 10.0EPSS: 6%CPEs: 12EXPL: 0CVE-2004-0040
https://notcve.org/view.php?id=CVE-2004-0040
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. Desbordamiento de búfer basado en la pila en Checkpoint VPN-1 Server 4.1 a 4.1 SP6 y Checkpoint SecuRemote/SecureClient 4.1 a 4.1 compilación 4200 pemite a atacantes remotos ejecutar código arbitrario mediante un paquete ISAKMP con un paquete de Petición de Certificado muy grande. • http://marc.info/?l=bugtraq&m=107604682227031&w=2 http://www.ciac.org/ciac/bulletins/o-073.shtml http://www.kb.cert.org/vuls/id/873334 http://www.osvdb.org/3821 http://www.osvdb.org/4432 http://www.securityfocus.com/bid/9582 http://xforce.iss.net/xforce/alerts/id/163 https://exchange.xforce.ibmcloud.com/vulnerabilities/14150 •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 1CVE-2003-0757 – Check Point Firewall-1 4.x - SecuRemote Internal Interface Address Information Leakage
https://notcve.org/view.php?id=CVE-2003-0757
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. • https://www.exploit-db.com/exploits/23087 http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2002-1623
https://notcve.org/view.php?id=CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. • http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html http://marc.info/?l=bugtraq&m=103124812629621&w=2 http://marc.info/?l=bugtraq&m=103176164729351&w=2 http://www.checkpoint.com/techsupport/alerts/ike.html http://www.kb.cert.org/vuls/id/886601 http://www.nta-monitor.com/news/checkpoint.htm http://www.securiteam.com/securitynews/5TP040U8AW.html http://www.securityfocus.com/archive/1/290202 http://www.securityfocus.com/bid/5607 https://exchang •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2405
https://notcve.org/view.php?id=CVE-2002-2405
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html http://www.iss.net/security_center/static/10139.php http://www.securityfocus.com/bid/5744 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2002-0428
https://notcve.org/view.php?id=CVE-2002-0428
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. • http://online.securityfocus.com/archive/1/260662 http://www.iss.net/security_center/static/8423.php http://www.securityfocus.com/bid/4253 •