Vulnerability Name:

CVE-2005-4093 (CCN-23526)

Assigned:2005-12-07
Published:2005-12-07
Updated:2011-05-18
Summary:Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Dec 07 2005 - 05:54:02 CST
Checkpoint SecureClient NGX Security Policy can easily be disabled

Source: MITRE
Type: CNA
CVE-2005-4093

Source: FULLDISC
Type: UNKNOWN
20051207 Checkpoint SecureClient NGX Security Policy can easily be disabled

Source: CCN
Type: SA17837
Check Point VPN-1 SecureClient Secure Configuration Verification Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
17837

Source: SECUNIA
Type: Vendor Advisory
23395

Source: CCN
Type: SECTRACK ID: 1015326
Check Point VPN-1 SecureClient Lets Local Users Bypass Security Policy

Source: SECTRACK
Type: UNKNOWN
1015326

Source: CCN
Type: Check Point Software Web Site
VPN-1 SecureClient

Source: DEBIAN
Type: DSA-1237
kernel-source-2.4.27 -- several vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.mail-archive.com/swinog@lists.swinog.ch/msg00798.html

Source: MISC
Type: UNKNOWN
http://www.mail-archive.com/swinog@lists.swinog.ch/msg00799.html

Source: CCN
Type: OSVDB ID: 21527
Check Point VPN-1 SecureClient Security Policy Bypass

Source: BID
Type: UNKNOWN
15757

Source: CCN
Type: BID-15757
Check Point VPN-1 SecureClient Policy Bypass Vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-1237

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2808

Source: XF
Type: UNKNOWN
secureclient-localsvc-security-bypass(23526)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:checkpoint:secureclient_ng:*:*:fp1:*:*:*:*:*
  • OR cpe:/a:checkpoint:secureclient_ng:r56:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_secureclient:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_secureclient:4.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:checkpoint:vpn-1_secureclient:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_secureclient:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    checkpoint secureclient ng *
    checkpoint secureclient ng r56
    checkpoint vpn-1 secureclient 4.0
    checkpoint vpn-1 secureclient 4.1
    checkpoint vpn-1 secureclient 4.0
    checkpoint vpn-1 secureclient 4.1
    debian debian linux 3.1