Vulnerability Name:

CVE-2004-0699 (CCN-16474)

Assigned:2004-06-22
Published:2004-06-22
Updated:2017-07-11
Summary:Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0699

Source: CCN
Type: SA12177
Check Point VPN-1 ASN.1 Decoding Heap Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
12177

Source: SECTRACK
Type: UNKNOWN
1010799

Source: CCN
Type: SECTRACK ID: 1010799
Check Point Provider-1 IKE ASN.1 Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.checkpoint.com/techsupport/alerts/asn1.html

Source: CIAC
Type: UNKNOWN
O-190

Source: CCN
Type: US-CERT VU#435358
Check Point VPN-1 products contain boundary error in the ASN.1 decoding library

Source: CERT-VN
Type: US Government Resource
VU#435358

Source: OSVDB
Type: UNKNOWN
8290

Source: CCN
Type: OSVDB ID: 8290
Check Point VPN-1 ASN.1 Decoding Heap Overflow

Source: BID
Type: UNKNOWN
10820

Source: CCN
Type: BID-10820
Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability

Source: ISS
Type: Patch, Vendor Advisory
20040728 Check Point VPN-1 ASN.1 Decoding Remote Compromise

Source: CCN
Type: Internet Security Systems Web site
Microsoft Windows ASN.1 Library buffer overflow

Source: XF
Type: UNKNOWN
asn1-decoding-bo(16474)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Check Point VPN-1/FireWall-1 ASN1 decoding buffer overflow

Source: XF
Type: UNKNOWN
vpn1-asn1-decoding-bo(16824)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:checkpoint:firewall-1:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0699 (CCN-16824)

    Assigned:2004-07-28
    Published:2004-07-28
    Updated:2004-07-28
    Summary:Check Point VPN-1/FireWall-1 ASN library is vulnerable to a buffer overflow. By sending a packet with maliciously crafted ASN.1 data, a remote attacker could overflow a buffer and possibly execute arbitrary code via maliciously crafted ISAKMP packets, but there may be other ways that an attacker can exploit this vulnerability.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0699

    Source: CCN
    Type: SA12177
    Check Point VPN-1 ASN.1 Decoding Heap Overflow Vulnerability

    Source: CCN
    Type: SECTRACK ID: 1010799
    Check Point Provider-1 IKE ASN.1 Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Checkpoint Technical Support Alert 28 Jul 2004
    ASN.1 Alert

    Source: CCN
    Type: CIAC Information Bulletin 0-190
    Check Point ASN.1 VPN-1 Buffer Overrun

    Source: CCN
    Type: US-CERT VU#435358
    Check Point VPN-1 products contain boundary error in the ASN.1 decoding library

    Source: CCN
    Type: OSVDB ID: 8290
    Check Point VPN-1 ASN.1 Decoding Heap Overflow

    Source: CCN
    Type: BID-10820
    Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability

    Source: CCN
    Type: Internet Security Systems Protection Advisory July 28, 2004
    Check Point VPN-1 ASN.1 Decoding Remote Compromise

    Source: XF
    Type: UNKNOWN
    vpn1-asn1-decoding-bo(16824)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:checkpoint:vpn-1_firewall-1:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    checkpoint firewall-1 4.1 sp6
    checkpoint vpn-1 *
    checkpoint vpn-1 firewall-1 -