48 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Check Point Security Gateway RCE Exploit Tool CVE-2024-249...
Check Point Security Gateway - Information Disclosure (Unauthenticated)
Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...
CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Recent assessments: remmons-r7 at May 30...
The vulnerability of clients under comprehensive network endpoint protection from Check Point Endpoint Security, which arises from the use of external control for selecting classes, allows attackers to disable the protection of certain network endpoints.
The vulnerability of Check Point Endpoint Security’s comprehensive network endpoint protection lies in the use of externally controlled input data for determining class assignments. Exploiting this vulnerability can allow an attacker to disable the protection for certain network endpoints...
CVE-2020-6020
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...
Input validation
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...
CVE-2020-6020
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...
Zoom Fixed Flaw Opening Meetings to Hackers
NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting...
The vulnerability of Check Point Security Gateway’s security gateway, related to deficiencies in handling exceptional states, allows a perpetrator to trigger a service failure.
The vulnerability of Check Point Security Gateway’s security gateway is related to deficiencies in handling exceptional states when the Threat Prevention Forensics feature is enabled. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the OSPF dynamic routing protocol implementation in the Check Point Security Gateway operating system allows a attacker to cause a service failure or gain access to confidential information.
The vulnerability of the OSPF dynamic routing protocol implementation in the Check Point Security Gateway operating system is related to the use of resources with similar identifiers. Exploiting this vulnerability can allow attackers to cause service failures or gain access to confidential...
The multiple vulnerabilities of Check Point Security Gateway firewalls models series 80, 600, and 1000 involve deficiencies in access control. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The multiple vulnerabilities of Check Point Security Gateway Series 80, 600, and 1000 are related to deficiencies in access control for certain functions. Exploitation of these vulnerabilities could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protect...
Cisco's 'High Severity' Flaw Lets Malware Bypass FirePower Firewall
Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection. The flaw...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting XSS attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...
Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center MC could allow an authenticated, remote attacker to execute a stored cross-site scripting XSS attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...
CVE-2014-8951
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the 1 Application Control, 2 URL Filtering, 3 DLP, 4 Threat Emulation, 5 Anti-Bot, or 6 Anti-Virus blade is used, allows remote attackers to cause a denial of service fwk0 process...
CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the 1 URL Filtering or 2 Identity Awareness blade is used, allows remote attackers to cause a denial of service crash via vectors involving an HTTPS request...
Design/Logic Flaw
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the 1 Application Control, 2 URL Filtering, 3 DLP, 4 Threat Emulation, 5 Anti-Bot, or 6 Anti-Virus blade is used, allows remote attackers to cause a denial of service fwk0 process...
Cross site request forgery (csrf)
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the 1 URL Filtering or 2 Identity Awareness blade is used, allows remote attackers to cause a denial of service crash via vectors involving an HTTPS request...
Race condition
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the 1 IPS blade, 2 IPsec Remote Access, 3 Mobile Access / SSL VPN blade, 4 SSL Network Extender, 5 Identify Awareness blade, 6 HTTPS Inspection, 7 UserCheck, or 8 Data...