Checkpoint Security: Most viewed

203 matches found

CheckPoint Security
•added 2007/10/15 10:0 p.m.•16 views

Check Point response to OpenSSL vulnerability CVE-2007-5135

...

CVSS 6.8 • AI score 1.9 • EPSS 0.53124
Exploits: 0 • Affected Software: 8

CheckPoint Security
•added 2025/01/29 12:0 a.m.•15 views

CVE-2024-52887 - Self-XSS vulnerability in Mobile Access Native Applications 'favorites' dialog

Symptoms - The Mobile Access portal is vulnerable to a stored, self-XSS attack. An authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. So far today, no attack with actual impact is known. - This issue...

CVSS 5.4 • AI score 6.8 • EPSS 0.0025
Exploits: 0

CheckPoint Security
•added 2023/07/25 12:0 a.m.•15 views

Check Point Response to CVE-2023-28130 - Hostname command injection in Gaia Portal

Symptoms - Local user may lead to privilege escalation using Gaia Portal "Hosts and DNS" page. This issue received the ID CVE-2023-28130. Solution This problem was fixed. The fix adds more validations on user input and is included starting from: Check Point R82 Jumbo Hotfix Accumulator for R81.20...

CVSS 7.2 • AI score 7.2 • EPSS 0.04173
Exploits: 3

CheckPoint Security
•added 2022/11/13 12:0 a.m.•15 views

VPN SNX portal may be vulnerable to brute-force attack on passwords

Cause The VPN SNX portal in the IPsec VPN Software Blade does not implement any protection against brute-force attack on usernames/passwords. Symptoms - The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for...

CVSS 7.5 • AI score 7.2 • EPSS 0.00265
Exploits: 0

CheckPoint Security
•added 2020/12/02 2:50 a.m.•15 views

Check Point Response to SNIcat

...

AI score 1.2
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2020/01/23 12:51 a.m.•15 views

Predictable TCP sequences generated by Security Gateway in R80.20 / R80.30

...

AI score 1.4
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/12/18 10:0 p.m.•15 views

Endpoint Security MI Server R73 certificate validation

...

AI score 2.1
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/11/04 10:0 p.m.•15 views

E-mails might not be scanned by the Threat Emulation blade in some specific scenarios depending on the e-mail client behavior

...

AI score 1.4
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2011/01/24 10:0 p.m.•15 views

Check Point's response to PHP Floating-Point Value Denial of Service Vulnerability (CVE-2010-4645)

...

CVSS 5 • AI score 2.4 • EPSS 0.20977
Exploits: 1 • Affected Software: 2

CheckPoint Security
•added 2026/05/20 12:0 a.m.•14 views

CVE-2026-48132 - VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP

Symptoms - The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption o...

CVSS 8.1 • AI score 5.4 • EPSS 0.00072
Exploits: 0

CheckPoint Security
•added 2025/04/27 12:0 a.m.•14 views

Check Point response to CVE-2025-32728 - The SSH directive "DisableForwarding" fails to disable "X11 Forwarding" and "Agent Forwarding"

Symptoms - A flaw was found in OpenSSH - in affected versions of SSHD, the directive "DisableForwarding" does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and Agent forwarding, which may allow unintended access under certain configurations...

CVSS 4.3 • AI score 6.7 • EPSS 0.0022
Exploits: 0

CheckPoint Security
•added 2024/10/08 12:0 a.m.•14 views

Check Point Response to CVE-2024-24914 - TCL substitution of global parameter values

Symptoms - After logging in to Gaia Portal, authenticated users local Gaia users and RADIUS / TACACS users may cause code injection in Gaia Portal because of unprotected global variables usage when processing the HTTP request in the TCL process. This issue received the ID CVE-2024-24914. Solution...

CVSS 8 • AI score 7.4 • EPSS 0.00238
Exploits: 0

CheckPoint Security
•added 2023/11/07 12:0 a.m.•14 views

Local Privilege Escalation in Check Point Endpoint Security Remediation Service

Symptoms - This vulnerability allows local attackers to escalate privileges on affected installations of Check Point Harmony Endpoint / ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVSS 7.8 • AI score 7.6 • EPSS 0.00043
Exploits: 0

CheckPoint Security
•added 2019/09/01 1:49 a.m.•14 views

In a rare scenario, R80.30 Security Gateway managed by R80.30 Security Management crashes when Threat Prevention Forensics feature is enabled

...

AI score 1.2
Exploits: 0 • Affected Software: 5

CheckPoint Security
•added 2019/01/14 7:55 a.m.•14 views

Check Point CloudGuard Controller fails to connect to a VMware vCenter Data Center in R80.20.M2

...

AI score 2.7
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2019/01/06 3:11 a.m.•14 views

RADIUS/TACACS+ users fail to change the default admin password when running the First Time Wizard

...

AI score 2.6
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2018/08/15 12:0 a.m.•14 views

Rare failure in the Identity Sharing network registration may potentially result in incorrect policy actions

Cause The connection is handled by the PEP Gateway, but no identity is found on the PEP for the connection's IPs. With smart pull Identity sharing, the PEP Gateway will hold the connection if: 1. The Access Role is used in the policy and required for the final rulebase match. 2. There is a remote...

CVSS 7.8 • AI score 6.6 • EPSS 0.1116
Exploits: 0

CheckPoint Security
•added 2018/08/02 3:28 a.m.•14 views

Using Domain Objects in the rulebase might cause wrong policy actions in R80.10 JHF Take_91-103

...

AI score 1.7
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2017/01/20 1:48 a.m.•14 views

R77.30, R77.20 Security hotfix for DLP and Threat Extraction blades

...

AI score 1.4
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2016/05/30 3:3 a.m.•14 views

Detection issue of malicious URLs in Anti-Bot / Anti-Virus after installing Take 143 of R77.30 Jumbo Hotfix Accumulator

...

AI score 1.7
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2014/04/26 9:0 p.m.•14 views

Important security and stability enhancements for Security Gateway

...

AI score 1.9
Exploits: 0 • Affected Software: 7

CheckPoint Security
•added 2024/07/18 12:0 a.m.•13 views

Check Point Response to CVE-2024-3596 - Blast-RADIUS attack

Cause The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing...

CVSS 9 • AI score 7.4 • EPSS 0.22162
Exploits: 2

CheckPoint Security
•added 2021/04/22 12:0 a.m.•13 views

Check Point Response to CVE-2021-30356 - denial-of-service vulnerability in Identity Agent

Cause A denial-of-service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. This issue was published as CVE-2021-30356. The write-up for the vulnerability is available at:...

CVSS 8.1 • AI score 6.7 • EPSS 0.00464
Exploits: 0

CheckPoint Security
•added 2020/05/16 8:53 p.m.•13 views

Few Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though "Allow older clients" is disabled

...

AI score 3.7
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2014/07/09 9:0 p.m.•13 views

HTTPS Inspection update for attending India CCA unauthorized digital certificates

...

AI score 1.6
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2014/02/09 10:0 p.m.•13 views

Check Point response to "Check Point Connection Table Leakage"

...

AI score 1.3
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2006/12/02 10:0 p.m.•13 views

Connectra PHP Vulnerability

...

AI score 1.8
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2025/06/08 12:0 a.m.•12 views

CVE-2024-24915 - Potential vulnerability in SmartConsole where an administrator's credentials may be exposed to users with debugging privileges on the administrator's computer

Symptoms - Credentials are not cleared from memory after being used. A user with Administrator permissions can execute a memory dump for the SmartConsole process and fetch them. - This issue received the ID CVE-2024-24915. Solution This problem was fixed. The fix is included starting from: R82...

CVSS 7.2 • AI score 7 • EPSS 0.00144
Exploits: 0

CheckPoint Security
•added 2025/02/02 12:0 a.m.•12 views

Check Point Response to CVE-2024-24911 - Out of Bounds read in the CPCA process on a Check Point Management Server

Cause An Out-of-Bounds read may occur when processing certain HTTP "POST" requests to the Security Management Server / Domain Management Server to the TCP port 18264. Repeated requests can cause a denial-of-service DoS of the cpca process and may lead it to exit unexpectedly with a core dump file...

CVSS 7.5 • AI score 6.8 • EPSS 0.00277
Exploits: 0

CheckPoint Security
•added 2019/06/26 8:53 p.m.•12 views

Authenticating to SMB appliances using only the first 8 characters of the Administrator password is allowed

...

AI score 4.9
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2019/01/29 2:21 a.m.•12 views

Machine is vulnerable to attacks after CPUSE clean install and before completing the First Time Wizard

...

AI score 3.6
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2014/03/12 10:0 p.m.•12 views

Check Point response to "Bypassing Application Control"

...

AI score 2.2
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2014/03/08 10:0 p.m.•12 views

Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76

...

AI score 0.6
Exploits: 0 • Affected Software: 6

CheckPoint Security
•added 2014/02/18 10:0 p.m.•12 views

Check Point offers important security update for Endpoint Security Management Server

...

AI score 3.2
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/10/02 9:0 p.m.•12 views

When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file

...

AI score 1.7
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2010/12/13 10:0 p.m.•12 views

Check Point's Response to Stonesoft's "Advanced Evasion Techniques" (CVE-2010-0102)

...

AI score 1.4
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2010/11/17 10:0 p.m.•12 views

Endpoint Security Server Information disclosure vulnerability

...

AI score 1.8
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2010/04/12 9:0 p.m.•12 views

Check Point response to "Jedi Packet Trick" (CVE-2010-0104)

...

CVSS 10 • AI score 1.7 • EPSS 0.19436
Exploits: 0 • Affected Software: 5

CheckPoint Security
•added 2025/01/21 12:0 a.m.•11 views

CVE-2024-52888 - Mobile Access File Share applications are vulnerable to stored XSS attacks

Symptoms - When an authenticated Mobile Access portal end-user browses to a File Share application, the portal may run a script while attempting to display a directory or some file's properties. Additionally, an authenticated attacker may store specially crafted file/dir names for other...

CVSS 5.4 • AI score 6.8 • EPSS 0.00248
Exploits: 0

CheckPoint Security
•added 2024/04/25 12:0 a.m.•11 views

Check Point Response to CVE-2024-24912 - local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file

Symptoms - A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and lower. By manipulating the COM object, an attacker could load a specially crafted DLL. An attacker must first obtain the ability to execute local privilege...

CVSS 6.7 • AI score 7.3 • EPSS 0.0006
Exploits: 0

CheckPoint Security
•added 2023/07/19 12:0 a.m.•11 views

Check Point Response to CVE-2023-28133 - Local privilege escalation in Check Point Endpoint Security Client via crafted OpenSSL configuration file

Symptoms - Local privilege escalation in Check Point Endpoint Security Client. Affected versions: E87.30 and lower, including all E86.x clients. Affected clients: Standalone Remote Access VPN clients, Endpoint Security Clients with Remote Access VPN enabled. Affected processes: TracSrvWrapper.exe...

CVSS 7.8 • AI score 7.4 • EPSS 0.01468
Exploits: 0

CheckPoint Security
•added 2018/08/18 11:34 p.m.•11 views

Check Point response to Bleichenbacher oracle cryptographic attack (IKEv1/IKEv2)

...

AI score 1.4
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2016/11/24 3:24 a.m.•11 views

Mail Transfer Agent (MTA) protection bypass

...

AI score 2.8
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2016/04/12 12:15 a.m.•11 views

Check Point Response to BadLock vulnerabilities

...

AI score 1.9
Exploits: 0

CheckPoint Security
•added 2016/02/10 3:7 a.m.•11 views

Check Point response to ZoneAlarm DLL injection

...

AI score 1.7
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2014/01/27 10:0 p.m.•11 views

Security enhancements for 600 / 1100 / Security Gateway 80 Appliances

...

AI score 2.6
Exploits: 0 • Affected Software: 2

CheckPoint Security
•added 2014/01/21 10:0 p.m.•11 views

Check Point response to Session Authentication Agent vulnerability

...

AI score 2.5
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/10/27 10:0 p.m.•11 views

Security Gateway Virtual Edition (VE) VMWare OVF template security update

...

AI score 2.2
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/08/03 9:0 p.m.•11 views

Check Point response to HTTPS BREACH attack

...

AI score 7.2
Exploits: 0 • Affected Software: 1

CheckPoint Security
•added 2013/03/05 10:0 p.m.•11 views

Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways

...

AI score 1.8
Exploits: 0 • Affected Software: 3

Total number of security vulnerabilities: 203