Vulnerability Name:

CVE-2008-1397 (CCN-41260)

Assigned:2008-03-17
Published:2008-03-17
Updated:2017-08-08
Summary:Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-1397

Source: MISC
Type: UNKNOWN
http://puresecurity.com.au/index.php?action=fullnews&id=5

Source: CCN
Type: SA29394
CheckPoint VPN-1 IP Address Collision Security Issue

Source: SECUNIA
Type: Vendor Advisory
29394

Source: CCN
Type: SECTRACK ID: 1019666
Check Point VPN-1 SecuRemote Lets Remote Users Deny Service

Source: CCN
Type: US-CERT VU#992585
Check Point VPN-1 information disclosure vulnerability

Source: CERT-VN
Type: US Government Resource
VU#992585

Source: CCN
Type: OSVDB ID: 43295
Check Point VPN-1 IP Address Collision Handling Information Disclosure

Source: CCN
Type: PureSecurity Security Advisory, 17 March, 2008
Check Point VPN-1 SecuRemote DoS/Spoofing Attack for Site-Site

Source: MISC
Type: Exploit
http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf

Source: BID
Type: UNKNOWN
28299

Source: CCN
Type: BID-28299
Check Point VPN-1 IP Address Collision Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019666

Source: VUPEN
Type: UNKNOWN
ADV-2008-0953

Source: XF
Type: UNKNOWN
vpn1-ipaddress-dos(41260)

Source: CCN
Type: Check Point Downloads Web site
Products & Technologies

Source: CONFIRM
Type: Patch
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579

Vulnerable Configuration:Configuration 1:
  • cpe:/a:checkpoint:check_point_vpn-1_pro:ngx_r61:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:check_point_vpn-1_pro:ngx_r62_ga:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1:ngx_r60:*:pro:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_firewall-1:ng_ai_r55:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_power_utm:ngx_r65_with_messaging_security:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_power_utm_with_ngx:r65:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    checkpoint check point vpn-1 pro ngx_r61
    checkpoint check point vpn-1 pro ngx_r62_ga
    checkpoint vpn-1 ngx_r60
    checkpoint vpn-1 firewall-1 ng_ai_r55
    checkpoint vpn-1 power utm ngx_r65_with_messaging_security
    checkpoint vpn-1 power utm with ngx r65