Lucene search

[email protected]CVE-2022-23746

HistoryNov 30, 2022 - 7:15 p.m.

CVE-2022-23746

2022-11-3019:15:10

CWE-307

[email protected]

web.nvd.nist.gov

ipsec

vpn

ssl

snx

brute-force attack

username/password authentication

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.5%

JSON

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Affected configurations

NVD

Node

checkpointssl_network_extenderMatchr80.20--

checkpointssl_network_extenderMatchr80.20take_10-

checkpointssl_network_extenderMatchr80.20take_103-

checkpointssl_network_extenderMatchr80.20take_117-

checkpointssl_network_extenderMatchr80.20take_118-

checkpointssl_network_extenderMatchr80.20take_127-

checkpointssl_network_extenderMatchr80.20take_134-

checkpointssl_network_extenderMatchr80.20take_135-

checkpointssl_network_extenderMatchr80.20take_138-

checkpointssl_network_extenderMatchr80.20take_141-

checkpointssl_network_extenderMatchr80.20take_149-

checkpointssl_network_extenderMatchr80.20take_155-

checkpointssl_network_extenderMatchr80.20take_156-

checkpointssl_network_extenderMatchr80.20take_160-

checkpointssl_network_extenderMatchr80.20take_161-

checkpointssl_network_extenderMatchr80.20take_17-

checkpointssl_network_extenderMatchr80.20take_173-

checkpointssl_network_extenderMatchr80.20take_183-

checkpointssl_network_extenderMatchr80.20take_187-

checkpointssl_network_extenderMatchr80.20take_188-

checkpointssl_network_extenderMatchr80.20take_190-

checkpointssl_network_extenderMatchr80.20take_202-

checkpointssl_network_extenderMatchr80.20take_203-

checkpointssl_network_extenderMatchr80.20take_205-

checkpointssl_network_extenderMatchr80.20take_208-

checkpointssl_network_extenderMatchr80.20take_210-

checkpointssl_network_extenderMatchr80.20take_211-

checkpointssl_network_extenderMatchr80.20take_220-

checkpointssl_network_extenderMatchr80.20take_33-

checkpointssl_network_extenderMatchr80.20take_42-

checkpointssl_network_extenderMatchr80.20take_47-

checkpointssl_network_extenderMatchr80.20take_73-

checkpointssl_network_extenderMatchr80.20take_74-

checkpointssl_network_extenderMatchr80.20take_80-

checkpointssl_network_extenderMatchr80.20take_87-

checkpointssl_network_extenderMatchr80.20take_91-

checkpointssl_network_extenderMatchr80.20sp--

checkpointssl_network_extenderMatchr80.20sptake_105-

checkpointssl_network_extenderMatchr80.20sptake_121-

checkpointssl_network_extenderMatchr80.20sptake_163-

checkpointssl_network_extenderMatchr80.20sptake_178-

checkpointssl_network_extenderMatchr80.20sptake_191-

checkpointssl_network_extenderMatchr80.20sptake_210-

checkpointssl_network_extenderMatchr80.20sptake_240-

checkpointssl_network_extenderMatchr80.20sptake_258-

checkpointssl_network_extenderMatchr80.20sptake_266-

checkpointssl_network_extenderMatchr80.20sptake_273-

checkpointssl_network_extenderMatchr80.20sptake_279-

checkpointssl_network_extenderMatchr80.20sptake_283-

checkpointssl_network_extenderMatchr80.20sptake_295-

checkpointssl_network_extenderMatchr80.20sptake_302-

checkpointssl_network_extenderMatchr80.20sptake_304-

checkpointssl_network_extenderMatchr80.20sptake_305-

checkpointssl_network_extenderMatchr80.20sptake_306-

checkpointssl_network_extenderMatchr80.20sptake_309-

checkpointssl_network_extenderMatchr80.20sptake_310-

checkpointssl_network_extenderMatchr80.20sptake_313-

checkpointssl_network_extenderMatchr80.20sptake_314-

checkpointssl_network_extenderMatchr80.20sptake_315-

checkpointssl_network_extenderMatchr80.20sptake_317-

checkpointssl_network_extenderMatchr80.20sptake_326-

checkpointssl_network_extenderMatchr80.20sptake_327-

checkpointssl_network_extenderMatchr80.20sptake_331-

checkpointssl_network_extenderMatchr80.20sptake_332-

checkpointssl_network_extenderMatchr80.20sptake_334-

checkpointssl_network_extenderMatchr80.20sptake_335-

checkpointssl_network_extenderMatchr80.30--

checkpointssl_network_extenderMatchr80.30take_107-

checkpointssl_network_extenderMatchr80.30take_111-

checkpointssl_network_extenderMatchr80.30take_135-

checkpointssl_network_extenderMatchr80.30take_136-

checkpointssl_network_extenderMatchr80.30take_140-

checkpointssl_network_extenderMatchr80.30take_155-

checkpointssl_network_extenderMatchr80.30take_163-

checkpointssl_network_extenderMatchr80.30take_166-

checkpointssl_network_extenderMatchr80.30take_168-

checkpointssl_network_extenderMatchr80.30take_180-

checkpointssl_network_extenderMatchr80.30take_19-

checkpointssl_network_extenderMatchr80.30take_191-

checkpointssl_network_extenderMatchr80.30take_195-

checkpointssl_network_extenderMatchr80.30take_196-

checkpointssl_network_extenderMatchr80.30take_210-

checkpointssl_network_extenderMatchr80.30take_213-

checkpointssl_network_extenderMatchr80.30take_214-

checkpointssl_network_extenderMatchr80.30take_215-

checkpointssl_network_extenderMatchr80.30take_217-

checkpointssl_network_extenderMatchr80.30take_219-

checkpointssl_network_extenderMatchr80.30take_221-

checkpointssl_network_extenderMatchr80.30take_226-

checkpointssl_network_extenderMatchr80.30take_227-

checkpointssl_network_extenderMatchr80.30take_228-

checkpointssl_network_extenderMatchr80.30take_232-

checkpointssl_network_extenderMatchr80.30take_235-

checkpointssl_network_extenderMatchr80.30take_236-

checkpointssl_network_extenderMatchr80.30take_237-

checkpointssl_network_extenderMatchr80.30take_241-

checkpointssl_network_extenderMatchr80.30take_242-

checkpointssl_network_extenderMatchr80.30take_245-

checkpointssl_network_extenderMatchr80.30take_246-

checkpointssl_network_extenderMatchr80.30take_251-

checkpointssl_network_extenderMatchr80.30take_254-

checkpointssl_network_extenderMatchr80.30take_50-

checkpointssl_network_extenderMatchr80.30take_76-

checkpointssl_network_extenderMatchr80.30sp--

checkpointssl_network_extenderMatchr80.30sptake_101-

checkpointssl_network_extenderMatchr80.30sptake_31-

checkpointssl_network_extenderMatchr80.30sptake_32-

checkpointssl_network_extenderMatchr80.30sptake_45-

checkpointssl_network_extenderMatchr80.30sptake_49-

checkpointssl_network_extenderMatchr80.30sptake_56-

checkpointssl_network_extenderMatchr80.30sptake_73-

checkpointssl_network_extenderMatchr80.30sptake_75-

checkpointssl_network_extenderMatchr80.30sptake_82-

checkpointssl_network_extenderMatchr80.30sptake_97-

checkpointssl_network_extenderMatchr80.40--

checkpointssl_network_extenderMatchr80.40take_100-

checkpointssl_network_extenderMatchr80.40take_102-

checkpointssl_network_extenderMatchr80.40take_114-

checkpointssl_network_extenderMatchr80.40take_118-

checkpointssl_network_extenderMatchr80.40take_119-

checkpointssl_network_extenderMatchr80.40take_120-

checkpointssl_network_extenderMatchr80.40take_121-

checkpointssl_network_extenderMatchr80.40take_125-

checkpointssl_network_extenderMatchr80.40take_126-

checkpointssl_network_extenderMatchr80.40take_131-

checkpointssl_network_extenderMatchr80.40take_138-

checkpointssl_network_extenderMatchr80.40take_139-

checkpointssl_network_extenderMatchr80.40take_150-

checkpointssl_network_extenderMatchr80.40take_153-

checkpointssl_network_extenderMatchr80.40take_154-

checkpointssl_network_extenderMatchr80.40take_156-

checkpointssl_network_extenderMatchr80.40take_158-

checkpointssl_network_extenderMatchr80.40take_161-

checkpointssl_network_extenderMatchr80.40take_172-

checkpointssl_network_extenderMatchr80.40take_173-

checkpointssl_network_extenderMatchr80.40take_25-

checkpointssl_network_extenderMatchr80.40take_38-

checkpointssl_network_extenderMatchr80.40take_45-

checkpointssl_network_extenderMatchr80.40take_48-

checkpointssl_network_extenderMatchr80.40take_53-

checkpointssl_network_extenderMatchr80.40take_54-

checkpointssl_network_extenderMatchr80.40take_55-

checkpointssl_network_extenderMatchr80.40take_65-

checkpointssl_network_extenderMatchr80.40take_67-

checkpointssl_network_extenderMatchr80.40take_69-

checkpointssl_network_extenderMatchr80.40take_74-

checkpointssl_network_extenderMatchr80.40take_77-

checkpointssl_network_extenderMatchr80.40take_78-

checkpointssl_network_extenderMatchr80.40take_83-

checkpointssl_network_extenderMatchr80.40take_87-

checkpointssl_network_extenderMatchr80.40take_89-

checkpointssl_network_extenderMatchr80.40take_91-

checkpointssl_network_extenderMatchr80.40take_92-

checkpointssl_network_extenderMatchr80.40take_93-

checkpointssl_network_extenderMatchr80.40take_94-

checkpointssl_network_extenderMatchr81--

checkpointssl_network_extenderMatchr81take_10-

checkpointssl_network_extenderMatchr81take_11-

checkpointssl_network_extenderMatchr81take_13-

checkpointssl_network_extenderMatchr81take_17-

checkpointssl_network_extenderMatchr81take_23-

checkpointssl_network_extenderMatchr81take_25-

checkpointssl_network_extenderMatchr81take_27-

checkpointssl_network_extenderMatchr81take_29-

checkpointssl_network_extenderMatchr81take_34-

checkpointssl_network_extenderMatchr81take_36-

checkpointssl_network_extenderMatchr81take_42-

checkpointssl_network_extenderMatchr81take_44-

checkpointssl_network_extenderMatchr81take_51-

checkpointssl_network_extenderMatchr81take_56-

checkpointssl_network_extenderMatchr81take_58-

checkpointssl_network_extenderMatchr81take_60-

checkpointssl_network_extenderMatchr81take_65-

checkpointssl_network_extenderMatchr81take_68-

checkpointssl_network_extenderMatchr81take_69-

checkpointssl_network_extenderMatchr81take_72-

checkpointssl_network_extenderMatchr81take_74-

checkpointssl_network_extenderMatchr81.10--

checkpointssl_network_extenderMatchr81.10take_14-

checkpointssl_network_extenderMatchr81.10take_22-

checkpointssl_network_extenderMatchr81.10take_30-

checkpointssl_network_extenderMatchr81.10take_38-

checkpointssl_network_extenderMatchr81.10take_44-

checkpointssl_network_extenderMatchr81.10take_45-

checkpointssl_network_extenderMatchr81.10take_55-

checkpointssl_network_extenderMatchr81.10take_61-

checkpointssl_network_extenderMatchr81.10take_66-

checkpointssl_network_extenderMatchr81.10take_75-

checkpointssl_network_extenderMatchr81.10take_78-

checkpointssl_network_extenderMatchr81.10take_9-

CPENameOperatorVersion
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr80.20
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr80.20sp
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr80.30
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr80.30sp
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr80.40
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr81
checkpoint:ssl_network_extendercheckpoint ssl network extendereqr81.10

CPE	Name	Operator	Version
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r80.20
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r80.20sp
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r80.30
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r80.30sp
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r80.40
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r81
checkpoint:ssl_network_extender	checkpoint ssl network extender	eq	r81.10

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Gateway & Management, IPsec VPN blade SNX portal.",
    "versions": [
      {
        "version": "R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230",
        "status": "affected"
      }
    ]
  }
]

References

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180271

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for CVE-2022-23746

cvelist1 prion1 nvd1