Checkpoint: >> Firewall-1 >> 4.1 Security Vulnerabilities
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
CVSS Score
6.2
EPSS Score
0.001
Published
2001-09-08
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-08-31
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
CVSS Score
5.0
EPSS Score
0.035
Published
2001-07-18
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
CVSS Score
7.5
EPSS Score
0.023
Published
2001-07-12
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
CVSS Score
7.5
EPSS Score
0.048
Published
2001-07-09
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.
CVSS Score
5.0
EPSS Score
0.008
Published
2001-03-26
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.
CVSS Score
7.5
EPSS Score
0.027
Published
2001-02-12
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
CVSS Score
7.5
EPSS Score
0.078
Published
2000-12-11
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
CVSS Score
7.5
EPSS Score
0.004
Published
2000-11-14
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
CVSS Score
7.5
EPSS Score
0.006
Published
2000-11-14