Lucene search

[email protected]CVE-2014-1672

HistoryJan 26, 2014 - 1:55 a.m.

CVE-2014-1672

2014-01-2601:55:00

CWE-264

[email protected]

web.nvd.nist.gov

check point

r75.47

security gateway

management server

anti-spoofing

routing table

access restrictions

nvd

cve-2014-1672

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.0%

JSON

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the “Get - Interfaces with Topology” action is performed, which allows attackers to bypass intended access restrictions.

CPENameOperatorVersion
checkpoint:management_servercheckpoint management servereqr75.47
checkpoint:security_gatewaycheckpoint security gatewayeqr75.47

CPE	Name	Operator	Version
checkpoint:management_server	checkpoint management server	eq	r75.47
checkpoint:security_gateway	checkpoint security gateway	eq	r75.47

References

exchange.xforce.ibmcloud.com/vulnerabilities/90976

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVE-2014-1672

cvelist1 prion1