Executive Summary

Title: Check Point VPN-1 information disclosure vulnerability
Name: VU#992585
First vendor Publication: 2008-03-18
Vendor: VU-CERT
Last vendor Modification: 2008-03-18
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score: 6.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 8
Authentication: Requires single instance


Vulnerability Note VU#992585

Check Point VPN-1 information disclosure vulnerability


The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access.

I. Description

The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual private networks (VPN).

From Check Point Solution ID sk34579:

    This issue occurs in the following scenario:
    Remote Access Client (C) connects to a gateway (A). A site-to-site VPN tunnel exists between gateways (A) and (B). If the Remote Access Client (C) has an IP address which is also defined in the encryption domain of gateway (B), collisions occur: new connections meant for the afore-mentioned IP address in the encryption domain of gateway (B) would be incorrectly transferred to the Remote Access Client (C). Existing connections are not affected.

II. Impact

A remote, authenticated attacker may be able to intercept data that they are not authorized to access.

III. Solution


Check Point has released an update to address this vulnerability. Administrators should see Check Point Solution ID sk34579 for information about how to obtain fixed software.

Restrict access to internal network applications

Using application-based access controls and encryption will mitigate this vulnerability by preventing a remote attacker from decrypting or accessing any data received by exploiting it.
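
The collision condition in section I (a remote access client address that is also defined in a peer gateway's encryption domain) can be audited from configuration data. The following Python check is an added example, not code from Check Point or CERT; the gateway names and address ranges are constructed sample values, and the input format is an assumption.

```python
import ipaddress


def find_collisions(client_ranges, encryption_domains):
    """Report remote access client addresses that collide with peer domains.

    client_ranges: addresses or CIDR ranges used by remote access clients (C).
    encryption_domains: {peer gateway name: [CIDR networks behind that peer]}.
    Returns a list of (client_range, peer_gateway, domain_network, kind),
    where kind is "contained" if the client range lies entirely inside the
    peer's network and "partial" if the two ranges only overlap.
    """
    hits = []
    for raw in client_ranges:
        # A bare address such as 10.20.30.7 becomes a /32 (or /128) network.
        client = ipaddress.ip_network(raw, strict=False)
        for peer, networks in encryption_domains.items():
            for net_raw in networks:
                net = ipaddress.ip_network(net_raw, strict=False)
                # IPv4 and IPv6 ranges can never collide with each other.
                if client.version != net.version:
                    continue
                if client.overlaps(net):
                    kind = "contained" if client.subnet_of(net) else "partial"
                    hits.append((str(client), peer, str(net), kind))
    return hits


# Constructed sample data (assumed values, not taken from the advisory).
SAMPLE_CLIENT_RANGES = ["172.16.50.0/24", "10.20.30.7", "192.168.200.0/25"]
SAMPLE_ENCRYPTION_DOMAINS = {
    "gateway-B": ["10.20.0.0/16", "192.168.10.0/24"],
    "gateway-D": ["192.168.200.64/26", "2001:db8:1::/48"],
}

if __name__ == "__main__":
    for client, peer, net, kind in find_collisions(
        SAMPLE_CLIENT_RANGES, SAMPLE_ENCRYPTION_DOMAINS
    ):
        print(f"COLLISION ({kind}): client {client} vs {peer} domain {net}")
```

Any reported range is a candidate for renumbering or for exclusion from the peer's encryption domain until the fixed software is installed.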

Systems Affected

Vendor: Check Point Software Technologies
Status: Vulnerable
Date Updated: 18-Mar-2008




Thanks to Robert Mitchell of Pursecurity and Check Point for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 03/18/2008
Date First Published: 03/18/2008 01:07:16 PM
Date Last Updated: 03/18/2008
CERT Advisory:
CVE Name:
US-CERT Technical Alerts:
Document Revision: 30

Original Source

Url : http://www.kb.cert.org/vuls/id/992585

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls


Open Source Vulnerability Database (OSVDB)

Id Description
43295 Check Point VPN-1 IP Address Collision Handling Information Disclosure