Vulners
Lucene search
Check Point FireWall-1 Open Web Administration
#
# This script was written by Matthew North < [email protected] >
#
# Checks to see if remote Check Point FireWall is open to Web administration.
# If it is open to web administration, then a brute-force password attack
# against the Firewall can be launch.
#
# Changes by rd: Description and usage of the http_func functions.
#
# Changes by Tenable:
# - Revised plugin title, output formatting (7/03/09)
include("compat.inc");
if(description)
{
script_id(11518);
script_version ("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_name(english:"Check Point FireWall-1 Open Web Administration");
script_set_attribute(attribute:"synopsis", value:
"The remote firewall has a remotely accessible web administration
interface." );
script_set_attribute(attribute:"description", value:
"The remote Check Point FireWall is open to Web administration.
An attacker can use it to launch a brute-force password attack
against the firewall, and eventually take control of it." );
script_set_attribute(attribute:"solution", value:
"Disable remote Web administration or filter packets going to this
port." );
script_set_attribute(attribute:"risk_factor", value: "None" );
script_set_attribute(attribute:"plugin_publication_date", value: "2003/04/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:checkpoint:firewall-1");
script_end_attributes();
script_summary(english:"Determines if the remote Check Point FireWall is open to Web administration");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2020 Matthew North");
script_family(english:"Firewalls");
script_dependencies("http_version.nasl");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80, embedded:TRUE);
res = http_get_cache_ka(port:port, item:"/");
if (res != NULL ) {
if("ConfigToolPassword" >< res) {
security_note(port);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Jun 2020 00:00Current
5.6Medium risk
Vulners AI Score5.6