Overview
Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259.
Description
Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device. |
Impact
An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259. |
Solution
Apply patch from vendor. |
Vendor Information
310295
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
The vulnerability was discovered by Jochen Bauer
This document was written by Ian A. Finlay.
Other Information
| CVE IDs: | CVE-2001-1158 |
| CERT Advisory: | CA-2001-17 |
| Severity Metric: | 51.30 |
| Date Public: | 2001-07-09 |
| Date First Published: | 2001-07-09 |
| Date Last Updated: | 2003-04-09 19:26 UTC |
| Document Revision: | 59 |