CVE-2008-1397 - Vulnerability Details - OpenCVE

Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkpoint	Check Point Vpn-1 Pro Vpn-1 Vpn-1 Firewall-1 Vpn-1 Power Utm Vpn-1 Power Utm With Ngx

Configuration 1 [-]

OR	cpe:2.3:a:checkpoint:check_point_vpn-1_pro:ngx_r61:::::::*
	cpe:2.3:a:checkpoint:check_point_vpn-1_pro:ngx_r62_ga:::::::*
	cpe:2.3:a:checkpoint:vpn-1:ngx_r60::pro:::::
	cpe:2.3:a:checkpoint:vpn-1_firewall-1:ng_ai_r55:::::::*
	cpe:2.3:a:checkpoint:vpn-1_power_utm:ngx_r65_with_messaging_security:::::::*
	cpe:2.3:a:checkpoint:vpn-1_power_utm_with_ngx:r65:::::::*

No data.

References

Link	Providers
http://puresecurity.com.au/index.php?action=fullnews&id=5
http://secunia.com/advisories/29394
http://www.kb.cert.org/vuls/id/992585
http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf
http://www.securityfocus.com/bid/28299
http://www.securitytracker.com/id?1019666
http://www.vupen.com/english/advisories/2008/0953/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41260
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-20T00:00:00

Updated: 2024-08-07T08:17:34.714Z

Reserved: 2008-03-19T00:00:00

Link: CVE-2008-1397

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-20T00:44:00.000

Modified: 2024-11-21T00:44:26.923

Link: CVE-2008-1397

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"}, {"name": "28299", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28299"}, {"name": "VU#992585", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/992585"}, {"name": "29394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29394"}, {"name": "1019666", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019666"}, {"tags": ["x_refsource_MISC"], "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"}, {"name": "ADV-2008-0953", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0953/references"}, {"name": "vpn1-ipaddress-dos(41260)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puresecurity.com.au/index.php?action=fullnews&id=5", "refsource": "MISC", "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"}, {"name": "28299", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28299"}, {"name": "VU#992585", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/992585"}, {"name": "29394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29394"}, {"name": "1019666", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019666"}, {"name": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf", "refsource": "MISC", "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"}, {"name": "ADV-2008-0953", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0953/references"}, {"name": "vpn1-ipaddress-dos(41260)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"}, {"name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579", "refsource": "CONFIRM", "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:34.714Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"}, {"name": "28299", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28299"}, {"name": "VU#992585", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/992585"}, {"name": "29394", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29394"}, {"name": "1019666", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019666"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"}, {"name": "ADV-2008-0953", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0953/references"}, {"name": "vpn1-ipaddress-dos(41260)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1397", "datePublished": "2008-03-20T00:00:00", "dateReserved": "2008-03-19T00:00:00", "dateUpdated": "2024-08-07T08:17:34.714Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:check_point_vpn-1_pro:ngx_r61:*:*:*:*:*:*:*", "matchCriteriaId": "9AE9A8C6-3273-4A44-B407-F28094569860", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:check_point_vpn-1_pro:ngx_r62_ga:*:*:*:*:*:*:*", "matchCriteriaId": "C01B3DF8-A2BD-486F-A0EB-800F8F906FAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1:ngx_r60:*:pro:*:*:*:*:*", "matchCriteriaId": "95028F5A-F2DB-4440-B6BB-3F4A0C8C1FC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1_firewall-1:ng_ai_r55:*:*:*:*:*:*:*", "matchCriteriaId": "0F4EAB35-FB40-45C7-BD09-7524D50C3FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1_power_utm:ngx_r65_with_messaging_security:*:*:*:*:*:*:*", "matchCriteriaId": "E28266A6-257E-499C-AF99-8CDF204DBF46", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1_power_utm_with_ngx:r65:*:*:*:*:*:*:*", "matchCriteriaId": "799986F4-BDB5-46AB-9CFF-102CB9CD3BE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint."}, {"lang": "es", "value": "Check Point VPN-1 Power/UTM, con NGX R60 hasta R65 y el software NG AI R55, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (parada del t\u00fanel VPN sitio a sitio), y posiblemente interceptar tr\u00e1fico de red, por la configuraci\u00f3n de la direcci\u00f3n IP local RFC1918 al ser la misma que una de estas direcciones IP RFC1918 del punto final del t\u00fanel, y utilizando SecuRemote para conectar a una interfaz de red en el otro punto final.\r\n\t\r\n"}], "id": "CVE-2008-1397", "lastModified": "2024-11-21T00:44:26.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-20T00:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29394"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/992585"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28299"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019666"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0953/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/992585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0953/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}